Configuring Private Vlans; Enabling Private Vlans; Private Vlan Status - Edge-Core ES3628C Management Manual

3
Configuring the Switch
CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the
native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport
mode to hybrid.
Console(config)#interface ethernet 1/3
Console(config-if)#switchport acceptable-frame-types tagged
Console(config-if)#switchport ingress-filtering
Console(config-if)#switchport native vlan 3
Console(config-if)#switchport gvrp
Console(config-if)#garp timer join 20
Console(config-if)#garp timer leave 90
Console(config-if)#garp timer leaveall 2000
Console(config-if)#switchport mode hybrid
Console(config-if)#

Configuring Private VLANs

Private VLANs provide port-based security and isolation between ports within the
assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from,
uplink ports. (Note that private VLANs and normal VLANs can exist simultaneously
within the same switch.)

Enabling Private VLANs

Use the Private VLAN Status page to enable/disable the Private VLAN function.
Web – Click VLAN, Private VLAN, Status. Select Enable or Disable from the
scroll-down box, and click Apply.
CLI – This example enables private VLANs.
Console(config)#pvlan
Console(config)#
3-146
Uplink Ports
Primary VLAN
(promiscuous ports)
x
Figure 3-81 Private VLAN Status
Downlink Ports
Secondary VLAN
(private ports)
4-143
4-192
4-192
4-193
4-203
4-204
4-191
4-197