Ethernet Switching
Highlighted
Ethernet Switching

Private VLAN Configuration !!! Urgent

‎12-28-2014 02:12 PM

Hi 

 

i will do private vlan configuration on mx80 router and juniper ex4200 switch. I understand private vlan configuration but i don't understand ip subnetting on this config. Example ; primary vlan id 100, vlan a - id 101 , vlan b - id 102 . I want to give 6 ip to customer on vlan a and 6 ip to customer on vlan b. How do I specify the configuration of the ip range that will give the customer? I didn't find example config. Can you help me for this config?

 

thanks.

Attachments

3 REPLIES 3
Highlighted
Ethernet Switching

Re: Private VLAN Configuration !!! Urgent

‎12-29-2014 06:42 AM

You should assign the two vlan two differents ip networks, for example

 

vlan 101 network: 192.168.5.0/24

vlan 101 router ip: 192.168.5.1/24

vlan 101 customer ip: 192.168.5.2, 192.168.5.3, 192.168.5.4

 

vlan 102 network: 192.168.3.0/24

vlan 102 router ip: 192.168.3.1/24

vlan 102 customer ip: 192.168.3.2, 192.168.3.3, 192.168.3.4

 

 

If you want to give the customer IP address in the same network you'll have to bridge their vlan, so it would be quite the same to use the same vlan for both of them.

 

Highlighted
Ethernet Switching

Re: Private VLAN Configuration !!! Urgent

‎12-29-2014 09:41 AM

 

P-VLANs and subnetting are two completely different things. The main use of P-VLAN is to isolate hosts on the same subnet.

You will want to look up a subnetting cheat sheet and see how many host you will get depending on he masks. For example, in order to give each customer 6 address, you would use a /29 for each of the vlans.

32 - 29 =  3 (host bits) 2^3 = 8 host IP address. Minus the 1st and last (Network and broadcast address) = 6 usable host IP address.

You can use an Online IP subnet calculator: http://www.subnet-calculator.com/

http://www.techopedia.com/6/28587/internet/8-steps-to-understanding-ip-subnetting

 

VLAN A

Host Address Range 192.168.1.1 - 192.168.1.6 (you will use one ofr these for the gateway on the layer 3 interface e.g. vlan.100)
Subnet ID 192.168.1.0
Broadcast Address 192.168.1.7

VLAN B
Host Address Range 192.168.1.9 - 192.168.1.14 (you will use one ofr these for the gateway on the layer 3 interface e.g. vlan.101)
Subnet ID 192.168.1.8
Broadcast Address 192.168.1.15

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Highlighted
Ethernet Switching

Re: Private VLAN Configuration !!! Urgent

[ Edited ]
‎12-29-2014 03:24 PM

Private VLANs are supposed to help by breaking up a single broadcast domain into segments that cannot communicate directly with each other. So while giving each customer their own full VLAN and separate IP subnet is how it's normally done, I suspect that is not feasible in this case. 

 

OP, as someone in one of the cross-posted threads suggested, you could try static MAC to IP mappings and secure access ports. In addition, you could so try VLAN firewall filters to only allow certain IPs through certain physical ports. Both of these suggestions are not very scalable beyond a few static customers, so if you do have the IP space, the better way to go about this is to give each customer their own subnet. 

 

And more specific to your question, you would specify the subnet as a single subnet on the MX80, assuming that is your Layer 3 gateway. For example,  if you have 4 customers and you want to assign a single network for all of them, you can define a /27 on the MX80 and divide up the subnet as you stated in your original post, but the subnet mask for all 4 customers would be /27 because they are technically all on the same broadcast domain. 

Feedback