Command Line Interface
4-204
4
private-vlan
Use this command to create a primary or community VLAN. Use the no form to
remove the specified private VLAN.
Syntax
private-vlan vlan-id {community | primary}
no private-vlan vlan-id
• vlan-id - ID of private VLAN. (Range: 1-4093, no leading zeroes).
• community – A VLAN in which traffic is restricted to host members in the
same VLAN and to promiscuous ports in the associate primary VLAN.
• primary – A VLAN which can contain one or more community VLANs, and
serves to channel traffic between community VLANs and other locations.
Default Setting
None
Command Mode
VLAN Configuration
Command Usage
• Private VLANs are used to restrict traffic to ports within the same community
VLAN, and channel traffic passing outside the community through
promiscuous ports. When using community VLANs, they must be mapped to
an associated “primary” VLAN that contains promiscuous ports.
• Port membership for private VLANs is static. Once a port has been assigned
to a private VLAN, it cannot be dynamically moved to another VLAN via
GVRP.
• Private VLAN ports cannot be set to trunked mode. (See switchport mode
on page 4-197.)
Example
Console(config)#vlan database
Console(config-vlan)#private-vlan 2 primary
Console(config-vlan)#private-vlan 3 community
Console(config)#
To Next Page
Loading...
