Configuring Private VLANs
This chapter describes how to configure private VLANs on the Cisco 7600 series routers. Release 12.1 E
supports private VLANs with Release 12.1(11b)E and later.
Note
For complete syntax and usage information for the commands used in this chapter, refer to the
Cisco 7600 Series Router Cisco IOS Command Reference publication.
This chapter consists of these sections:
•
•
•
Understanding How Private VLANs Work
Note
To configure private VLANs, the router must be in VTP transparent mode.
Private VLANs provide Layer 2 isolation between ports within the same private VLAN. There are three
types of private VLAN ports:
•
•
•
78-14064-04
Understanding How Private VLANs Work, page 10-1
Private VLAN Configuration Guidelines, page 10-2
Configuring Private VLANs, page 10-4
Promiscuous—A promiscuous port can communicate with all interfaces, including the community
and isolated ports within a private VLAN.
Isolated—An isolated port has complete Layer 2 separation from other ports within the same private
VLAN except for the promiscuous port. Private VLANs block all traffic to isolated ports except
traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to
promiscuous ports.
Community—Community ports communicate among themselves and with their promiscuous ports.
These interfaces are isolated at Layer 2 from all other interfaces in other communities or isolated
ports within their private VLAN.
Because trunks can support the VLANs carrying traffic between isolated, community, and
Note
promiscuous ports, isolated and community port traffic might enter or leave the switch
through a trunk interface.
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
C H A P T E R
10
10-1