Table of Contents
Advertisement
Chapter 11
Configuring VLANs
Deleting a Private VLAN Mapping
If you delete the private VLAN mapping, the connectivity breaks between the isolated, community, or
two-way community ports and the promiscuous port. If you delete all the mappings on a promiscuous
port, the promiscuous port becomes inactive. When a private VLAN port is set to inactive, it displays
"pvlan-" as its VLAN number in the show port output.
A private VLAN port might be set to inactive for the following reasons:
•
•
•
To delete a port mapping from a private VLAN, perform this task in privileged mode:
Task
Delete the port mapping from the private VLAN. clear pvlan mapping primary_vlan {isolated |
This example shows how to delete the mapping of VLANs 902 to 901, previously set on ports 3/2
through 3/5:
Console> (enable) clear pvlan mapping 901 902 3/2-5
Successfully cleared mapping between 901 and 902 on 3/2-5
Console> (enable)
Private VLAN Support on the MSFC
These items describe private VLAN support on the MSFC:
•
•
•
•
•
•
•
78-13315-02
The primary, isolated, community, or two-way community VLAN to which it belongs is cleared.
All mappings from a non-MSFC promiscuous port are deleted.
An error occurs during the configuration of a port to be a private VLAN port.
Enter the show pvlan command to display information about private VLANs. The show pvlan
command displays information about private VLANs only when the primary private VLAN is up.
Entering a set pvlan mapping or a clear pvlan mapping command on the supervisor engine
generates MSFC syslog messages. See the following for an example:
%PV-6-PV_MSG:Created a private vlan mapping, Primary 100, Secondary 101
%PV-6-PV_MSG:Created a private vlan mapping, Primary 200, Secondary 201
%PV-6-PV_MSG:Purged a private vlan mapping, Primary 100, Secondary 101
Enter an interface vlan command to configure Layer 3 parameters only for primary private VLANs.
On the supervisor engine, you cannot create isolated or community VLANs using VLAN numbers
for which interface vlan commands have been entered on the MSFC.
ARP entries learned on Layer 3 private VLAN interfaces are sticky ARP entries (we recommend
that you display and verify private VLAN interface ARP entries).
For security reasons, private VLAN interface sticky ARP entries do not age out. Connecting new
equipment with the same IP address generates a message and the ARP entry is not created.
Because the private VLAN interface ARP entries do not age out, you must manually remove private
VLAN interface ARP entries if a MAC address changes.
Command
community | twoway-community} {mod/ports}
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
Configuring Private VLANs
11-23
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
