Table of Contents
Advertisement
Chapter 10
Configuring VLANs
Note
You can bind isolated or community VLAN(s) to the primary VLAN without associating the isolated or
community ports to the private VLAN: use the set pvlan primary_vlan_num {isolated_vlan_num |
community_vlan_num} command.
Note
You can change the isolated or community ports associated to the private VLAN without changing the
the isolated or community VLANs binding: use the set pvlan primary_vlan_num {isolated_vlan_num |
community_vlan_num} mod/port command.
Note
Ports do not have to be on the same switch as long as the switches are trunk connected and the private
VLAN has not been removed from the trunk.
Note
You must enter the set pvlan command everywhere that a private VLAN needs to be created. This
includes switches with isolated or community ports, switches with promiscuous ports, and all
intermediate switches that need to carry private VLANs on their trunks. On the edge switches that do
not have any isolated, community, or promiscuous ports (typically, access switches with no private
ports), the private VLANs do not need to be created and can be pruned from the trunks for security
reasons.
The following example shows how to create a private VLAN using VLAN 7 as the primary VLAN,
VLAN 901 as the isolated VLAN, and VLANs 902 and 903 as the community VLANs. VLAN 901 uses
module 4, port 3. VLAN 902 uses module 4, ports 4 through 6. VLAN 903 uses module 4, ports 7
through 9. The router is attached to the promiscuous port 3/1.
Before starting this example, verify that VLANs 7, 901, 902 and 903 have no ports assigned to them by
using the show vlan vlan_num command. If any ports are assigned to one or more of these VLANs, they
must be set to some other VLAN using the set vlan vlan_num {mod/port} command.
This example shows how to specify VLAN 7 as the primary VLAN:
Console> (enable) set vlan 7 pvlan-type primary
Vlan 7 configuration successful
Console> (enable)
This example shows how to specify VLAN 901 as the isolated VLAN and VLANs 902 and 903 as
community VLANs:
Console> (enable) set vlan 901 pvlan-type isolated
Vlan 901 configuration successful
Console> (enable) set vlan 902 pvlan-type community
Vlan 902 configuration successful
Console> (enable) set vlan 903 pvlan-type community
Vlan 903 configuration successful
Console> (enable)
This example shows how to bind VLAN 901 to primary VLAN 7 and assign port 4/3 as the isolated port:
Console> (enable) set pvlan 7 901 4/3
Successfully set the following ports to Private Vlan 7,901: 4/3
Console> (enable)
78-12647-02
Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
Configuring Private VLANs
10-11
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Cisco WS-C4003 - Catalyst 4000 Chassis Switch
Related Products for Cisco WS-C4003 - Catalyst 4000 Chassis Switch
- Cisco WS-C4503 - Syst. Catalyst 4503 3 Slot Chassis
- Cisco WS-C4506 - Syst. Catalyst 4500 Switch
- Cisco WS-C4506-E - Catalyst 4500 E-chassis
- Cisco WS-C4507R-E - Catalyst Switch
- Cisco WS-C4900M
- Cisco WS-C4948-10GE-E
- Cisco WS-C2960-24TC-S-RF - Catalyst Switch
- Cisco WS-C2980G-A - Catalyst 2980G-A 10/100 Switch