C
HAPTER
36
| VLAN Commands
Configuring Private VLANs
– 851 –
â—† Enter no traffic-segmentation to disable traffic segmentation and
clear the configuration settings for segmented groups.
EXAMPLE
This example enables traffic segmentation, and then sets port 12 as the
uplink and ports 5-8 as downlinks.
Console(config)#traffic-segmentation
Console(config)#traffic-segmentation uplink ethernet 1/12
downlink ethernet 1/5-8
Console(config)#
show traffic-
segmentation
This command displays the configured traffic segments.
COMMAND MODE
Privileged Exec
EXAMPLE
Console#show traffic-segmentation
Private VLAN status: Disabled
Up-link Port:
Ethernet 1/12
Down-link Port:
Ethernet 1/5
Ethernet 1/6
Ethernet 1/7
Ethernet 1/8
Console#
CONFIGURING PRIVATE VLANS
Private VLANs provide port-based security and isolation of local ports
contained within different private VLAN groups. This switch supports two
types of private VLANs – primary and community groups. A primary VLAN
contains promiscuous ports that can communicate with all other ports in
the associated private VLAN groups, while a community (or secondary)
VLAN contains community ports that can only communicate with other
hosts within the community VLAN and with any of the promiscuous ports in
the associated primary VLAN. The promiscuous ports are designed to
provide open access to an external network such as the Internet, while the
community ports provide restricted access to local users.
Multiple primary VLANs can be configured on this switch, and multiple
community VLANs can be associated with each primary VLAN. (Note that
private VLANs and normal VLANs can exist simultaneously within the same
switch.)
This section describes commands used to configure private VLANs.
To Next Page
Loading...
Need help?
General
