Private VLANs (PVLAN) | 395
Creating a Primary VLAN
A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a mapping to secondary VLANs, which consist of community VLANs and isolated VLANs. To create a primary VLAN, follow these steps:
| Step | Command Syntax | Command Mode | Purpose |
|---|---|---|---|
| 1 | interface vlan vlan-id | CONFIGURATION | Access INTERFACE VLAN mode for the VLAN you want to assign the PVLAN interfaces. |
| 2 | no shutdown | INTERFACE VLAN | Enable the VLAN. |
| 3 | private-vlan mode primary | INTERFACE VLAN | Set PVLAN mode of the selected VLAN to primary. |
| 4 | private-vlan mapping secondary-vlan vlan-list | INTERFACE VLAN | Map secondary VLANs to the selected primary VLAN. The list of secondary VLANs can be: specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-ID-VLAN-ID); specified with this command even before they have been created; amended by specifying the new secondary VLAN to be added to the list. |
| 5 | tagged interface or untagged interface | INTERFACE VLAN | Add promiscuous ports as tagged or untagged interfaces. Add PVLAN trunk ports to the VLAN only as tagged interfaces. Interfaces can be entered singly or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/port-port). You can only add promiscuous ports or PVLAN trunk ports to the PVLAN (no host or regular ports). |
| 6 | ip address ip address | INTERFACE VLAN | (OPTIONAL) Assign an IP address to the VLAN. |
| 7 | ip local-proxy-arp | INTERFACE VLAN | (OPTIONAL) Enable/disable Layer 3 communication between secondary VLANs. |
Note: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the same 
VLAN, the packet is NOT dropped.
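The rules in the steps above can be checked against a saved configuration before it is applied. The following is an added example, not code from this manual or the switch vendor: it expands the secondary VLAN list, flags ports that may not belong to a primary VLAN, and reports when ip local-proxy-arp opens Layer 3 communication between secondary VLANs. The stanza layout, the port_roles input, the optional interface-type keyword and the port number limit are assumptions.

```python
import re

def expand_ranges(spec, min_id=1, max_id=4094):
    """Expand '100-102,200' (comma-delimited and/or hyphenated) to a sorted list."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not min_id <= lo <= hi <= max_id:
            raise ValueError(f"bad range {part!r}")
        ids.update(range(lo, hi + 1))
    return sorted(ids)

def audit_primary_vlan(stanza, port_roles):
    """Check one primary-VLAN stanza; port_roles maps 'slot/port' to its PVLAN port mode."""
    lines = [ln.strip() for ln in stanza.splitlines() if ln.strip()]
    secondary, findings = set(), []
    if "private-vlan mode primary" not in lines:
        findings.append("not set to PVLAN primary mode")
    if "no shutdown" not in lines:
        findings.append("VLAN not enabled")
    if "ip local-proxy-arp" in lines:
        findings.append("Layer 3 communication between secondary VLANs is enabled")
    for line in lines:
        m = re.fullmatch(r"private-vlan mapping secondary-vlan (\S+)", line)
        if m:  # a repeated mapping command amends the existing list
            secondary.update(expand_ranges(m.group(1)))
        m = re.fullmatch(r"(tagged|untagged) (?:\w+ )?(\d+)/([\d,-]+)", line)
        if m:
            tagging, slot, ports = m.groups()
            for p in expand_ranges(ports, 0, 255):  # port limit is an assumption
                role = port_roles.get(f"{slot}/{p}", "regular")
                if role not in ("promiscuous", "trunk"):
                    findings.append(f"{slot}/{p}: {role} port not allowed in primary VLAN")
                elif role == "trunk" and tagging == "untagged":
                    findings.append(f"{slot}/{p}: PVLAN trunk port must be tagged")
    return sorted(secondary), findings

# Constructed sample stanza and port roles (not taken from the manual).
SAMPLE = """
interface vlan 10
 no shutdown
 private-vlan mode primary
 private-vlan mapping secondary-vlan 100-101,200
 private-vlan mapping secondary-vlan 300
 untagged 2/1-3
 ip local-proxy-arp
"""
ROLES = {"2/1": "promiscuous", "2/2": "trunk", "2/3": "host"}
```

Calling audit_primary_vlan(SAMPLE, ROLES) returns the expanded secondary VLAN list and three findings: the proxy-ARP setting, the untagged trunk port 2/2 and the host port 2/3.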