Advertisement
Private VLAN (PVLAN)
Overview
Starting with FTOS 7.8.1.0, the Private VLAN (PVLAN) feature of FTOS is available for the C-Series
and S-Series:
Commands
•
•
•
•
•
•
•
See also the following commands. The command output is augmented in FTOS 7.8.1.0 to provide
PVLAN data:
•
•
Private VLANs extend the FTOS security suite by providing Layer 2 isolation between ports within the
same private VLAN. A private VLAN partitions a traditional VLAN into subdomains identified by a
primary and secondary VLAN pair.
The FTOS private VLAN implementation is based on RFC 3069.
Private VLAN Concepts
Primary VLAN:
The primary VLAN is the base VLAN and can have multiple secondary VLANs. There are two types of
secondary VLAN — community VLAN and isolated VLAN:
•
•
c s
ip local-proxy-arp
private-vlan mode
private-vlan mapping secondary-vlan
show interfaces private-vlan
show vlan private-vlan
show vlan private-vlan mapping
switchport mode private-vlan
show arp
in
Chapter 24, IPv4 Routing
show vlan
in
Chapter 30, Layer 2
A primary VLAN can have any number of community VLANs and isolated VLANs.
Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic
received from an isolated port is forwarded only to promiscuous ports or trunk ports.
45
Private VLAN (PVLAN) | 1155
Advertisement
