Configuring And Associating Vlans In A Private Vlan - Cisco ME 3400 Software Configuration Manual
Ethernet access switch
Hide thumbs
Also See for ME 3400:
- Command reference manual (950 pages) ,
- Hardware installation manual (88 pages) ,
- Getting started manual (33 pages)
Table of Contents
Advertisement
Chapter 12
Configuring Private VLANs
•
•
•
•
Configuring and Associating VLANs in a Private VLAN
Beginning in privileged EXEC mode, follow these steps to configure a private VLAN:
Note
The private-vlan commands do not take effect until you exit VLAN configuration mode.
Command
Step 1
configure terminal
Step 2
vlan vlan-id
Step 3
private-vlan primary
Step 4
exit
Step 5
vlan vlan-id
Step 6
private-vlan isolated
Step 7
exit
OL-9639-07
You can configure 802.1x port-based authentication on a private-VLAN port, but do not configure
IEEE 802.1x with port security on private-VLAN ports.
A private-VLAN host or promiscuous port cannot be a SPAN destination port. If you configure a
SPAN destination port as a private-VLAN port, the port becomes inactive.
If you configure a static MAC address on a promiscuous port in the primary VLAN, you must add
the same static address to all associated secondary VLANs. If you configure a static MAC address
on a host port in a secondary VLAN, you must add the same static MAC address to the associated
primary VLAN. When you delete a static MAC address from a private-VLAN port, you must remove
all instances of the configured MAC address from the private VLAN.
Dynamic MAC addresses learned in one VLAN of a private VLAN are replicated in the
Note
associated VLANs. For example, a MAC address learned in a secondary VLAN is replicated
in the primary VLAN. When the original dynamic MAC address is deleted or aged out, the
replicated addresses are removed from the MAC address table.
Configure Layer 3 VLAN interfaces only for primary VLANs.
Purpose
Enter global configuration mode.
Enter VLAN configuration mode and designate or create a VLAN that
will be the primary VLAN. The VLAN ID range is 2 to 1001 and 1006
to 4094.
If the VLAN has been configured as a UNI-ENI community
Note
VLAN, you must enter the no uni-vlan VLAN configuration
command before configuring a private VLAN.
Designate the VLAN as the primary VLAN.
Return to global configuration mode.
(Optional) Enter VLAN configuration mode and designate or create a
VLAN that will be an isolated VLAN. The VLAN ID range is 2 to 1001
and 1006 to 4094.
Designate the VLAN as an isolated VLAN.
Return to global configuration mode.
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Configuring Private VLANs
12-9
- Quick Links:
- Performance Features
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
