11
VLAN Configuration
Web – Click VLAN, 802.1Q VLAN, 802.1Q Tunnel Configuration or Tunnel Trunk
Configuration. Set the mode for a tunnel access port to 802.1Q Tunnel and a tunnel
uplink port to 802.1Q Tunnel Uplink. Click Apply.
CLI – This example sets port 2 to tunnel access mode, and sets port 3 to tunnel
uplink mode.
Console(config)#interface ethernet 1/2
Console(config-if)#switchport dot1q-tunnel mode access
Console(config-if)#interface ethernet 1/3
Console(config-if)#switchport dot1q-tunnel mode uplink
Console(config-if)#end
Console#show dot1q-tunnel
Current double-tagged status of the system is Enabled
The dot1q-tunnel mode of the set interface 1/1 is Normal mode, TPID is 0x9100.
The dot1q-tunnel mode of the set interface 1/2 is Access mode, TPID is 0x9100.
The dot1q-tunnel mode of the set interface 1/3 is Uplink mode, TPID is 0x9100.
The dot1q-tunnel mode of the set interface 1/4 is Normal mode, TPID is 0x9100.
The dot1q-tunnel mode of the set interface 1/5 is Normal mode, TPID is 0x9100.
The dot1q-tunnel mode of the set interface 1/6 is Normal mode, TPID is 0x9100.
The dot1q-tunnel mode of the set interface 1/7 is Normal mode, TPID is 0x9100.
. .
.
Configuring Private VLANs
Private VLANs provide port-based security and isolation between ports within the
assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from,
uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously
within the same switch.)
11-18
Figure 11-2 Tunnel Port Configuration
x
Uplink Ports
Primary VLAN
(promiscuous ports)
Downlink Ports
Secondary VLAN
(private ports)
27-1
34-15
34-15
34-17