Cisco Catalyst 3650 series Command Reference Manual page 1049
Cisco ios xe everest 16.5.1a
Hide thumbs
Also See for Catalyst 3650 series:
- Hardware installation manual (126 pages) ,
- Configuration manual (94 pages) ,
- Manual (94 pages)
Table of Contents
Advertisement
You can associate a secondary (isolated or community) VLAN with only one primary VLAN. A primary
VLAN can have one isolated VLAN and multiple community VLANs associated with it.
• A secondary VLAN cannot be configured as a primary VLAN.
• The secondary-vlan-list cannot contain spaces. It can contain multiple comma-separated items. Each
• If you delete either the primary or secondary VLANs, the ports associated with the VLAN become
A community VLAN carries traffic among community ports and from community ports to the promiscuous
ports on the corresponding primary VLAN.
An isolated VLAN is used by isolated ports to communicate with promiscuous ports. It does not carry traffic
to other community ports or isolated ports with the same primary VLAN domain.
A primary VLAN is the VLAN that carries traffic from a gateway to customer end stations on private ports.
Configure Layer 3 VLAN interfaces (SVIs) only for primary VLANs. You cannot configure Layer 3 VLAN
interfaces for secondary VLANs. SVIs for secondary VLANs are inactive while the VLAN is configured as
a secondary VLAN.
The private-vlan commands do not take effect until you exit from VLAN configuration mode.
Do not configure private VLAN ports as EtherChannels. While a port is part of the private VLAN configuration,
any EtherChannel configuration for it is inactive.
Do not configure a private VLAN as a Remote Switched Port Analyzer (RSPAN) VLAN.
Do not configure a private VLAN as a voice VLAN.
Do not configure fallback bridging on switches with private VLANs.
Although a private VLAN contains more than one VLAN, only one STP instance runs for the entire private
VLAN. When a secondary VLAN is associated with the primary VLAN, the STP parameters of the primary
VLAN are propagated to the secondary VLAN.
For more information about private VLAN interaction with other features, see the software configuration
guide for this release.
Examples
This example shows how to configure VLAN 20 as a primary VLAN, VLAN 501 as an isolated VLAN, and
VLANs 502 and 503 as community VLANs, and to associate them in a private VLAN:
Device# configure terminal
Device(config)# vlan 20
Device(config-vlan)# private-vlan primary
Device(config-vlan)# exit
Device(config)# vlan 501
Device(config-vlan)# private-vlan isolated
Device(config-vlan)# exit
Device(config)# vlan 502
Device(config-vlan)# private-vlan community
Device(config-vlan)# exit
Device(config)# vlan 503
Device(config-vlan)# private-vlan community
Device(config-vlan)# exit
Device(config)# vlan 20
Device(config-vlan)# private-vlan association 501-503
Device(config-vlan)# end
item can be a single private VLAN ID or a hyphenated range of private VLAN IDs. The list can contain
one isolated VLAN and multiple community VLANs.
inactive.
Command Reference, Cisco IOS XE Everest 16.5.1a (Catalyst 3650 Switches)
private-vlan
1023
Advertisement
Table of Contents
