Configuring the Switch
3-168
Web – Click VLAN, 802.1Q VLAN, Port Configuration or Trunk Configuration. Fill in
the required settings for each interface, click Apply.
Figure 3-82 Configuring VLAN Ports
CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the
native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport
mode to hybrid.
Configuring Private VLANs
Private VLANs provide port-based security between ports, using primary and
secondary VLAN groups. A primary VLAN contains promiscuous ports that can
communicate with all other ports in the private VLAN group, while a secondary (or
community) VLAN contains community ports that can only communicate with other
hosts within the secondary VLAN and with any of the promiscuous ports in the
associated primary VLAN. In all cases, the promiscuous ports are designed to
provide open access to an external network such as the Internet, while the
community ports provide restricted access to local users.
Multiple primary VLANs can be configured on this switch, and multiple community
VLANs can be associated with each primary VLAN. (Note that private VLANs and
normal VLANs can exist simultaneously within the same switch.)
Console(config)#interface ethernet 1/3 4-135
Console(config-if)#switchport acceptable-frame-types tagged 4-197
Console(config-if)#switchport ingress-filtering 4-198
Console(config-if)#switchport native vlan 3 4-199
Console(config-if)#switchport gvrp 4-191
Console(config-if)#garp timer join 20 4-192
Console(config-if)#garp timer leave 90
Console(config-if)#garp timer leaveall 2000
Console(config-if)#switchport mode hybrid 4-197
Console(config-if)#
To Next Page
Loading...
