Chapter 10
Configuring Private VLANs
Configuring a Layer 2 Interface as a Private VLAN Promiscuous Port
To configure a Layer 2 interface as a private VLAN promiscuous port, perform this task:
Command
Step 1
Router(config)# interface type
Step 2
Router(config-if)# switchport
Step 3
Router(config-if)# switchport mode private-vlan
{host | promiscuous}
Router(config-if)# no switchport mode
private-vlan
Step 4
Router(config-if)# switchport private-vlan
mapping primary_vlan_ID {secondary_vlan_list |
add secondary_vlan_list | remove
secondary_vlan_list}
Router(config-if)# no switchport private-vlan
mapping
Step 5
Router(config-if)# end
Step 6
Router# show interfaces [type
switchport
1.
type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
When you configure a Layer 2 interface as a private VLAN promiscuous port, note the following syntax
information:
•
•
•
This example shows how to configure interface FastEthernet 5/2 as a private VLAN promiscuous port
and map it to a private VLAN:
Router# configure terminal
Router(config)# interface fastethernet 5/2
Router(config-if)# switchport mode private-vlan promiscuous
Router(config-if)# switchport private-vlan mapping 202 303,440
Router(config-if)# end
78-14064-04
1
slot/port
1
slot/port]
The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-separated
items. Each item can be a single private VLAN ID or a hyphenated range of private VLAN IDs.
Enter a secondary_vlan_list value or use the add keyword with a secondary_vlan_list value to map
the secondary VLANs to the private VLAN promiscuous port.
Use the remove keyword with a secondary_vlan_list value to clear the mapping between secondary
VLANs and the private VLAN promiscuous port.
Purpose
Selects the LAN interface to configure.
Configures the LAN interface for Layer 2 switching:
•
You must enter the switchport command once
without any keywords to configure the LAN interface
as a Layer 2 interface before you can enter additional
switchport commands with keywords.
•
Required only if you have not entered the switchport
command already for the interface.
Configures the Layer 2 port as a private VLAN
promiscuous port.
Clears the private VLAN port configuration.
Maps the private VLAN promiscuous port to a primary
VLAN and to selected secondary VLANs.
Clears all mapping between the private VLAN
promiscuous port and the primary VLAN and any
secondary VLANs.
Exits configuration mode.
Verifies the configuration.
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
Configuring Private VLANs
10-9