12-10
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-07
Chapter 12 Configuring Private VLANs
Configuring Private VLANs
When you associate secondary VLANs with a primary VLAN, note this syntax information:
• The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-separated
items. Each item can be a single private-VLAN ID or a hyphenated range of private-VLAN IDs.
• The secondary_vlan_list parameter can contain multiple community VLAN IDs but only one
isolated VLAN ID.
• Enter a secondary_vlan_list, or use the add keyword with a secondary_vlan_list to associate
secondary VLANs with a primary VLAN.
• Use the remove keyword with a secondary_vlan_list to clear the association between secondary
VLANs and a primary VLAN.
• The private-vlan association VLAN configuration command does not take effect until you exit
VLAN configuration mode.
This example shows how to configure VLAN 20 as a primary VLAN, VLAN 501 as an isolated VLAN,
and VLANs 502 and 503 as community VLANs, to associate them in a private VLAN, and to verify the
configuration. It assumes that VLANs 502 and 503 have previously been configured as UNI-ENI
community VLANs:
Switch# configure terminal
Switch(config)# vlan 20
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# exit
Switch(config)# vlan 501
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
Switch(config)# vlan 502
Switch(config-vlan)# no-uni vlan
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# exit
Switch(config)# vlan 503
Switch(config-vlan)# no-uni vlan
Step 8
vlan vlan-id (Optional) Enter VLAN configuration mode and designate or create a
VLAN that will be a community VLAN. The VLAN ID range is 2 to
1001 and 1006 to 4094.
Note If the VLAN has been configured as a UNI-ENI community
VLAN, you must enter the no uni-vlan VLAN configuration
command before configuring a private VLAN.
Step 9
private-vlan community Designate the VLAN as a community VLAN.
Step 10
exit Return to global configuration mode.
Step 11
vlan vlan-id Enter VLAN configuration mode for the primary VLAN designated in
Step 3.
Step 12
private-vlan association [add | remove]
secondary_vlan_list
Associate the secondary VLANs with the primary VLAN.
Step 13
end Return to privileged EXEC mode.
Step 14
show vlan private-vlan [type]
or
show interfaces status
Verify the configuration.
Step 15
copy running-config startup config (Optional) Save your entries in the switch startup configuration file.
Command Purpose
To Next Page
Loading...
Need help?
General
