Chapter 15
Configuring Private VLANs
•
Configuring Private VLANs
These sections contain configuration information:
•
•
•
•
•
Note
If the VLAN is not defined already, the private VLAN configuration process defines it.
Configuring a VLAN as a Private VLAN
To configure a VLAN as a private VLAN, perform this task:
Command
Step 1
Router(config)# vlan vlan_ID
Step 2
Router(config-vlan)# private-vlan {community |
isolated | primary}
Router(config-vlan)# no private-vlan {community |
isolated | primary}
OL-4266-08
If one port within the group of 12 ports is one of these ports listed and has the above properties, any
isolated or community VLAN configuration for other ports within the 12 ports is inactive. To
reactivate the ports, remove the isolated or community VLAN port configuration and enter the
shutdown and no shutdown commands.
These restrictions apply when you configure groups of 24 ports as secondary ports:
In all releases, this 24-port restriction applies to the WS-X6548-GE-TX and WS-X6148-GE-TX
10/100/1000 Mb Ethernet switching modules.
Within groups of 24 ports (1–24, 25–48), do not configure ports as isolated ports or community
VLAN ports when one port within the group of 24 ports is any of these:
A trunk port
–
A SPAN destination port
–
A promiscuous private VLAN port
–
In releases where CSCsb44185 is resolved, a port that has been configured with the switchport
–
mode dynamic auto or switchport mode dynamic desirable command.
If one port within the group of 24 ports is one of these ports listed and has the above properties, any
isolated or community VLAN configuration for other ports within the 24 ports is inactive. To
reactivate the ports, remove the isolated or community VLAN port configuration and enter the
shutdown and no shutdown commands.
Configuring a VLAN as a Private VLAN, page 15-11
Associating Secondary VLANs with a Primary VLAN, page 15-12
Mapping Secondary VLANs to the Layer 3 VLAN Interface of a Primary VLAN, page 15-13
Configuring a Layer 2 Interface as a Private VLAN Host Port, page 15-14
Configuring a Layer 2 Interface as a Private VLAN Promiscuous Port, page 15-15
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
Purpose
Enters VLAN configuration submode.
Configures a VLAN as a private VLAN.
Clears the private VLAN configuration.
These commands do not take effect until you exit
Note
VLAN configuration submode.
Configuring Private VLANs
15-11