Table of Contents
Advertisement
Configuring Private VLANs
Private VLANs provide port-based security and isolation between ports within
the assigned VLAN. This switch supports two types of private VLANs: primary/
secondary associated groups, and stand-alone isolated VLANs. A primary VLAN
contains promiscuous ports that can communicate with all other ports in the private
VLAN group, while a secondary (or community) VLAN contains community ports
that can only communicate with other hosts within the secondary VLAN and with any
of the promiscuous ports in the associated primary VLAN. Isolated VLANs, on the
other hand, consist a single stand-alone VLAN that contains one promiscuous port
and one or more isolated (or host) ports. In all cases, the promiscuous ports are
designed to provide open access to an external network such as the Internet, while
the community ports provide restricted access to local users.
Multiple primary VLANs can be configured on this switch, and multiple community
VLANs can be associated with each primary VLAN. One or more isolated VLANs
can also be configured. (Note that private VLANs and normal VLANs can exist
simultaneously within the same switch.)
This section describes commands used to configure private VLANs.
Command
Edit Private VLAN Groups
private-vlan
private-vlan association
Configure Private VLAN Interfaces
switchport mode
private-vlan
switchport private-vlan
host-association
switchport private-vlan
mapping
Display Private VLAN Information
show vlan private-vlan
To configure primary/secondary associated groups, follow these steps:
1.
Use the private-vlan command to designate one or more community VLANs
and the primary VLAN that will channel traffic outside of the community groups.
2.
Use the private-vlan association command to map the community VLAN(s) to
the primary VLAN.
3.
Use the switchport mode private-vlan command to configure ports as
promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e.,
community port).
Table 4-76
Private VLAN Commands
Function
Adds or deletes primary, community, or isolated VLANs
Associates a community VLAN with a primary VLAN
Sets an interface to host mode or promiscuous mode
Associates an interface with a secondary VLAN
Maps an interface to a primary VLAN
Shows private VLAN information
4
VLAN Commands
Mode
Page
VC
4-272
VC
4-273
IC
4-273
IC
4-274
IC
4-275
NE,
4-275
PE
4-271
- Quick Links:
- System Defaults
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
