Private VLANs (PVLAN) | 799
Creating a Primary VLAN
A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the
promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a
mapping to secondary VLANs, which are comprised of community VLANs and isolated VLANs.
Step Command Syntax Command Mode Purpose
1
interface vlan vlan-id
CONFIGURATION Access the INTERFACE VLAN mode for the VLAN to
which you want to assign the PVLAN interfaces.
2
no shutdown
INTERFACE VLAN Enable the VLAN.
3
private-vlan mode
primary
INTERFACE VLAN Set the PVLAN mode of the selected VLAN to primary.
4
private-vlan mapping
secondary-vlan
vlan-list
INTERFACE VLAN Map secondary VLANs to the selected primary VLAN.
The list of secondary VLANs can be:
• Specified in comma-delimited (
VLAN-ID,VLAN-ID) or
hyphenated-range format (VLAN-ID-VLAN-ID).
• Specified with this command even before they have
been created.
• Amended by specifying the new secondary VLAN to be
added to the list.
5
tagged interface
or
untagged interface
INTERFACE VLAN Add promiscuous ports as tagged or untagged interfaces.
Add PVLAN trunk ports to the VLAN only as tagged
interfaces. Interfaces can be entered singly or in range
format, either comma-delimited (slot/port,port,port) or
hyphenated (slot/port-port).
Only promiscuous ports or PVLAN trunk ports can be
added to the PVLAN (no host or regular ports).
6
ip address ip address
INTERFACE VLAN (OPTIONAL) Assign an IP address to the VLAN.
7
ip local-proxy-arp
INTERFACE VLAN (OPTIONAL) Enable/disable Layer 3 communication
between secondary VLANs.
Note: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the same
VLAN, the packet will NOT be dropped.
To Next Page
Loading...
