CLI – This example sets port 2 to tunnel mode, indicates that the TPID used for
802.1Q tagged frames will be 9100 hexadecimal, and enables address monitor
mode to pass traffic between the management VLANs and the tunnel port.
Console(config)#interface ethernet 1/2
Console(config-if)#switchport mode dot1q-tunnel
Console(config-if)#switchport dot1q-ethertype 9100
Console(config-if)#
Console#sh dot1q-tunnel
Dot1q-Tunnel Port List
--------
eth 1/2
Total 1 Dot1q-Tunnel Ports, 0 Dot1q-Tunnel Port-Channel
Console#
Configuring Private VLANs
Private VLANs provide port-based security and isolation between ports within the
assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from,
uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously
within the same switch.)
Enabling Private VLANs
Use the Private VLAN Status page to enable/disable the Private VLAN function.
Web – Click VLAN, Private VLAN, Status. Select Enable or Disable from the
scroll-down box, and click Apply.
CLI – This example enables private VLANs.
Console(config)#pvlan
Console(config)#
Uplink Ports
Primary VLAN
(promiscuous ports)
x
Figure 12-9 Private VLAN Status
Configuring Private VLANs
Downlink Ports
Secondary VLAN
(private ports)
12
24-1
30-21
30-22
30-21
30-14
12-17