Chapter 45, Private VLAN (PVLAN)
Overview
Starting with FTOS 7.8.1.0, the Private VLAN (PVLAN) feature of FTOS is available for the C-Series 
and S-Series.
Commands
• ip local-proxy-arp
• private-vlan mode
• private-vlan mapping secondary-vlan
• show interfaces private-vlan
• show vlan private-vlan
• show vlan private-vlan mapping
• switchport mode private-vlan
See also the following commands. The command output is augmented in FTOS 7.8.1.0 to provide 
PVLAN data:
• show arp in Chapter 24, IPv4 Routing
• show vlan in Chapter 30, Layer 2
Private VLANs extend the FTOS security suite by providing Layer 2 isolation between ports within the 
same private VLAN. A private VLAN partitions a traditional VLAN into subdomains identified by a 
primary and secondary VLAN pair.
The FTOS private VLAN implementation is based on RFC 3069.
Private VLAN Concepts
Primary VLAN:
The primary VLAN is the base VLAN and can have multiple secondary VLANs. There are two types of 
secondary VLAN — community VLAN and isolated VLAN:
• A primary VLAN can have any number of community VLANs and isolated VLANs.
• Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic 
received from an isolated port is forwarded only to promiscuous ports or trunk ports.
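The forwarding rules above can be checked against a planned port assignment before it is deployed. The following is an added example, not FTOS code or output: it models the isolated-port rule stated above and goes beyond it by including the usual community-port behaviour (community ports reach only their own community VLAN and the uplinks), which is an assumption about standard PVLAN semantics. Port names, VLAN IDs and the separation policy are constructed, and frames arriving on a trunk are not modelled.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class Port:
    name: str
    role: str      # "promiscuous", "isolated", "community" or "trunk"
    vlan: int = 0  # secondary VLAN ID (host ports only)

HOST_ROLES = ("isolated", "community")

def may_forward(src: Port, dst: Port) -> bool:
    """True if a frame received on src may leave through dst (same primary VLAN)."""
    if src.role == "trunk":
        # Assumption: trunk ingress depends on the frame's VLAN tag; not modelled.
        raise ValueError("trunk ingress is outside this model")
    if src.name == dst.name:
        return False
    if src.role == "promiscuous" or dst.role in ("promiscuous", "trunk"):
        return True
    # Host-to-host: only members of the same community VLAN; isolated never.
    return src.role == dst.role == "community" and src.vlan == dst.vlan

def direct_host_paths(ports):
    """Ordered (src, dst) name pairs of host ports that can talk without the uplink."""
    hosts = [p for p in ports if p.role in HOST_ROLES]
    return sorted((a.name, b.name) for a, b in permutations(hosts, 2) if may_forward(a, b))

def audit(ports, must_be_separated):
    """Return the policy pairs that the port assignment fails to separate."""
    open_paths = set(direct_host_paths(ports))
    return [pair for pair in must_be_separated
            if pair in open_paths or pair[::-1] in open_paths]

# Constructed sample: port names, VLAN IDs and the policy are made up.
PORTS = [
    Port("Gi0/1", "promiscuous"),
    Port("Gi0/2", "isolated", 101),
    Port("Gi0/3", "isolated", 101),
    Port("Gi0/4", "community", 102),
    Port("Gi0/5", "community", 102),
    Port("Gi0/6", "community", 103),
    Port("Gi0/24", "trunk"),
]
POLICY = [("Gi0/2", "Gi0/3"), ("Gi0/4", "Gi0/5"), ("Gi0/4", "Gi0/6")]

if __name__ == "__main__":
    for a, b in audit(PORTS, POLICY):
        print(f"policy violation: {a} and {b} share a community VLAN")
```

In the sample, the two isolated ports stay separated even though they share secondary VLAN 101, while the two ports placed in community VLAN 102 are reported because they can reach each other directly.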