Private VLAN

thanks state farm guy for your sharing

Is this a lab on the exam or just a diagram with the questions?

Thanks for sharing State Farm guy

Q1, Why is the answer not D, configure VTP version 3?

Even the explanation says this: “VTP version 3 does support PVLAN”

Q5,
why should I configure the gateway ON the Router as promiscuous port??
I understand Q4, because that’s the port of the switch, but the Gateway is Layer 3.

@perpelexed, it is the gateway so everyone can go through,therefore it should be promiscuous so as to allow members of the isolated and community vlans go out to the internet.

@GnB
I understand the concept that you’re trying to explain, I’d like to see the actual config for that.
I’ve touched many routers in production networks and I’ve never seen a Layer 3 interface configured like that.
I found the router on the stick versions, with subinterfaces for different vlans, running trunk, but still never seen the actual need to configure the router port as promiscuous, the actual layer 3 gateway.

I can’t find the command on any routed interface.

The port on the switch that connects to the router will be promiscuous, but the port of the router will simply be a layer 3 port with an IP address part of that subnet.

I’d love to hear more opinions, or some actual config example.

Is there a premium member quiz for this section?

Ah yes, just found link further down the page.

VCE exam simulator v3.4.2 free download for limited time

http://www.softwaresfiles.com/index.php/2015/07/30/cisco-vce-exam-simulatorplayer/

Hallo all ,
Can you help me with dumps image and with the labs for ccnp switch 300-115 ?
Please send me at email akarimade@yahoo.com
Thanks all

@oofus

Q#1. i was thinking the same but nobody discussed about it

”Q1, Why is the answer not D, configure VTP version 3?
Even the explanation says this: “VTP version 3 does support PVLAN”

@SAM & oofus

i do believe both answers are correct. it depends on how the question is asked. but also the question asked is not clear. Let’s just assume that the switch isn’t capable of using VTP version 3. so the only solution left is to set the VTP mode to transparent

Q1. The answer is C. The first step to configuring Private VLANs is to switch to VTP Transparent mode. That is right out of the Cisco Software Configuration Guide.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swpvlan.html

Hallo all,

Can you tell me if that dumps are nit valid ?
Can you send me valid dumps on mail : {email not allowed}

Thanks,

@perplexed
I believe you are right. the router/L3 port doesn’t need to be configured as trunk, access, isolated, community, or ever promiscuous.

but the switch/ L2 port connected to gate way devices must be promiscuous as long as we have PVALNs on that switch, I guess.

Is this an objective question?

Or we need to do configuration like a sim?

@perplexed

wmohammad’s comment is correct

@slothar, that documentation is old. VTP v3 also supports PVLans in server mode.
“In VTP versions 1 and 2, the switch must be in VTP transparent mode when you create private VLANs and when they are configured, you should not change the VTP mode from transparent to client or server mode. VTP version 3 also supports private VLANs in client and server modes.”

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp.html

http://www.pass4suredumps.com/300-320.html

Hi,

Recently, I personally passed CCNP Route 300-101,SWITCH 300-115,TSHOOT 300-135 exams with full marks.
I have purchased latest Premium vce dumps file that are 100% valid and I’m giving at nominal sharing cost.wanninayakegcb@gmail_com

Dear all,,,
kindly could you provide me the last upadate dumps for CCNP Route 300-101,SWITCH 300-115,TSHOOT 300-135 exams

Is this simulation? Or only issues fail on exam?

@slothar, not sure what part of your link you read but here is a little section from your link that confirms that for switches running VTP version 3, PVLans can be configured in all modes (it isn’t compulsory to change the mode to Transparent).

– If the switch is running VTP version 1 or 2, you must set VTP to transparent mode. After you configure a private VLAN, you should not change the VTP mode to client or server. For information about VTP, see Chapter14, “Configuring VTP” VTP version 3 supports private VLANs in all modes.
– With VTP version 1 or 2, after you have configured private VLANs, use the copy running-config startup config privileged EXEC command to save the VTP transparent mode configuration and private-VLAN configuration in the switch startup configuration file. Otherwise, if the switch resets, it defaults to VTP server mode, which does not support private VLANs. VTP version 3 does support private VLANs.
– VTP version 1 and 2 do not propagate private-VLAN configuration. You must configure private VLANs on each device where you want private-VLAN ports unless the devices are running VTP version 3.

Q1 I think C is right. VTP 3 isn`t available on all switches so it will be better to set transparent

Q3

Which private VLAN can have only one VLAN and be a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports and the gateway?

Is A really the correct answer?

According to wikipedia this is not the case, apparently we can have more then one isolated vlan / PVLAN.

https://en.wikipedia.org/wiki/Private_VLAN
“There can be multiple Isolated VLANs in one Private VLAN domain”

Q3 – Conficting information –
Understanding Primary, Isolated, and Community Private VLANs

Primary VLANs and the two types of secondary VLANs (isolated and community) have these characteristics:

Primary VLAN— The primary VLAN carries traffic from the promiscuous ports to the host ports, both isolated and community, and to other promiscuous ports.

Isolated VLAN —An isolated VLAN is a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports. *****You can configure multiple isolated VLANs in a private VLAN domain; all the traffic remains isolated within each one. Each isolated VLAN can have several isolated ports, and the traffic from each isolated port also remains completely separate.
Community VLAN—A community VLAN is a secondary VLAN that carries upstream traffic from the community ports to the promiscuous port and to other host ports in the same community. You can configure multiple community VLANs in a private VLAN domain. The ports within one community can communicate, but these ports cannot communicate with ports in any other community or isolated VLAN in the private VLAN.

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/PrivateVLANs.html

Passed my Switch Exam! 191Q is valid. I’m pretty sure information on this site is helpful but I used study materials from this ebay seller I came across on my CCNA/CCNP Route cert prep journey. He tends to have the latest updates for all the exams he provides. He seems to not have the TShoot Cert Prep but will see if he has that lol. Onto completing my CCNP Certification!

Information to the exam:

37 Multiple Choice Questions
OSPF TShoot Simlet
LACP-STP Simulation
AAAdot1x Simulation

If you would like to use the study materials I used, here is the ebay link:

http://www.ebay.com/itm/-/322387258834?

Cheers and Good Luck!

@perplexed

I believe you are right regarding configuring a router port as promiscuous. Maybe the question wasn’t formulated correctly. Anyone who understands about layer 2 and layer 3 switching and routing will know that only a port that is attached to the switch that supports private-vlans will be configured as “promiscuous,” therefore, if a router, for instance, is attached on the other side of that link, will behave as a normal routing port, and will be configured with an Ip address, so the devices within the vlans can get out from the primary vlan. Think about “multilayer-switch.” You might want to create a virtual interface. In this case you have to map the secondary vlans on that interface.

Are all the answers here confirmed to be correct?

@certprepare

The premium member link is not working for private-vlan.

Plz fix this issue……

You must configure Transparent mode in VTP 2. The question states that you are using vtp 2, and what must be done before you configure vtp 3.

Private VLANs can only be configured when VTP is in transparent/off modes in VTP version 1 or 2 and in server/transparent/off modes in VTP version 3 when pruning is turned off

Guaranteed Latest Stuff to pass exam.
HERE Instant DOWNLOAD (NO fake GROUP)

20 US$ only
D&D – PortFast / BPDU Guard / BPDU Filter (Official)
D&D – Port Cost / Switch Port Priority / Port Priority
D&D – STP Components (Official)
D&D – LLDP-MED TLVs

vtp simplet
AAA Dot1x numbered ACL
LACP-STP on physical interface

ITS INSTANT DOWNLOAD

https://docs.google.com/document/d/1afXgWBvIWTSr8R0Mt-kDRdMmFCI3ytfuSK-1vOyWov0/edit

Q2 isn’t that supposed to be answer A

An isolated port has complete Layer 2 separation from other ports within the same PVLAN. This separation includes broadcasts, and the only exception is the promiscuous port. A privacy grant at the Layer 2 level occurs with the block of outgoing traffic to all isolated ports. Traffic that comes from an isolated port forwards to all promiscuous ports only.

ref https://www.cisco.com/c/en/us/support/docs/lan-switching/private-vlans-pvlans-promiscuous-isolated-community/40781-194.html

just ignore the above, I was looking at wrong question

On which PVLAN type can host ports communicate with promiscuous ports?
A. primary
B. community
C. promiscuous
D. isolated
Answer: A

This question doesn’t make sense at all.

■ Promiscuous: The switch port connects to a router, firewall, or other common gateway
device. This port can communicate with anything else connected to the primary
or any secondary VLAN. In other words, the port is in promiscuous mode, in which
the rules of private VLANs are ignored.
■ Host : The switch port connects to a regular host that resides on an isolated or community
VLAN. The port communicates only with a promiscuous port or ports on
the same community VLAN.

So both community and isolated PVLANs can communicate with promiscuous ports.

An Nonymouse…

You have the following;

PVLANS PORT-Types can be either HOSTS or PROMISCUOUS.
– As set under the interface/port when configuring.

PVLANS Types can be Community (host port-type) Isolated (host port-type) or Primary (Promiscuous port-type)
– As set within the Vlan config.

The question asks “on which PVLAN Type can host ports (***which can be either isolated or community**) communicate with promiscuous ports”

The only PVLAN type that allows this is the Primary.

So yes, both community and isolated PVLANS types can communicate with promiscuous PORT-types like you said, but they are both HOST PORT-types and to communicate with the PROMISCUOUS PORT-type they must use the PRIMARY pvlan type to do so.

Cisco are known to word some questions in a way that really challenges your understanding of things.