Chapter 12
Configuring Private VLANs
Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port
You can configure only NNIs as promiscuous ports. Beginning in privileged EXEC mode, follow these
steps to configure a Layer 2 interface as a private-VLAN promiscuous port and map it to primary and
secondary VLANs:
Note
Isolated and community VLANs are both secondary VLANs.
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
switchport mode private-vlan promiscuous
Step 4
switchport private-vlan mapping primary_vlan_id
{add | remove} secondary_vlan_list
Step 5
end
Step 6
show interfaces [interface-id] switchport
Step 7
copy running-config startup config
When you configure a Layer 2 interface as a private-VLAN promiscuous port, note this syntax
information:
•
•
•
This example shows how to configure an NNI as a private-VLAN promiscuous port and map it to a
private VLAN. The interface is a member of primary VLAN 20 and secondary VLANs 501 to 503 are
mapped to it.
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# switchport private-vlan mapping 20 add 501-503
Switch(config-if)# end
Use the show vlan private-vlan or the show interface status privileged EXEC command to display
primary and secondary VLANs and private-VLAN ports on the switch.
78-17058-01
The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-separated
items. Each item can be a single private-VLAN ID or a hyphenated range of private-VLAN IDs.
Enter a secondary_vlan_list, or use the add keyword with a secondary_vlan_list to map the
secondary VLANs to the private-VLAN promiscuous port.
Use the remove keyword with a secondary_vlan_list to clear the mapping between secondary
VLANs and the private-VLAN promiscuous port.
Purpose
Enter global configuration mode.
Enter interface configuration mode for the Layer 2
interface to be configured. The interface must be an NNI.
Note
If the interface is a UNI, you must enter the
port-type nni interface configuration command
before configuring it as a promiscuous port.
Configure the Layer 2 NNI port as a private-VLAN
promiscuous port.
Map the private-VLAN promiscuous port to a primary
VLAN and to selected secondary VLANs.
Return to privileged EXEC mode.
Verify the configuration.
(Optional) Save your entries in the switch startup
configuration file.
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Configuring Private VLANs
12-13