Understanding Private Vlans - Cisco 3750G - Catalyst Integrated Wireless LAN Controller Configuration Manual

Configuring Private VLANs
This chapter describes how to configure private VLANs on the Catalyst 3750 switch. Unless otherwise
noted, the term switch refers to a standalone switch and to a switch stack.
For complete syntax and usage information for the commands used in this chapter, see the command
Note
reference for this release.
The chapter consists of these sections:
•
•
•
When you configure private VLANs, the switch must be in VTP transparent mode. See
Note
"Configuring VTP."

Understanding Private VLANs

The private-VLAN feature addresses two problems that service providers face when using VLANs:
•
•
Using private VLANs addresses the scalability problem and provides IP address management benefits
for service providers and Layer 2 security for customers. Private VLANs partition a regular VLAN
domain into subdomains. A subdomain is represented by a pair of VLANs: a primary VLAN and a
secondary VLAN. A private VLAN can have multiple VLAN pairs, one pair for each subdomain. All
VLAN pairs in a private VLAN share the same primary VLAN. The secondary VLAN ID differentiates
one subdomain from another. See
OL-8550-02
Understanding Private VLANs, page 16-1
Configuring Private VLANs, page 16-6
Monitoring Private VLANs, page 16-15
Scalability: The switch supports up to 1005 active VLANs. If a service provider assigns one VLAN
per customer, this limits the numbers of customers the service provider can support.
To enable IP routing, each VLAN is assigned a subnet address space or a block of addresses, which
can result in wasting the unused IP addresses, and cause IP address management problems.
C H A P T E R
Figure 16-1.
Catalyst 3750 Switch Software Configuration Guide
16
Chapter 14,
16-1