Reference Guide
Private VLANs | 697
Each of the port types can be any type of physical Ethernet port, including port channels (LAGs). For
details on port channels, see Port Channel Interfaces on page 381 in Chapter 19, Interfaces.
For an introduction to VLANs, see Chapter 24, Layer 2.
Private VLAN Commands
The commands dedicated to supporting the Private VLANs feature are:
The outputs of the following commands are augmented in FTOS 7.8.1.0 to provide PVLAN data:
•
show arp: See the IP Routing Commands chapter in the FTOS Command Reference.
•
show vlan: See the Layer 2 Commands chapter in the FTOS Command Reference.
Table 33-1. Private VLAN Commands
Task Command Syntax Command Mode
Enable/disable Layer 3 communication between
secondary VLANs.
[
no] ip local-proxy-arp
Note: Even after ip-local-proxy-arp is
disabled (
no ip-local-proxy-arp) in a
secondary VLAN, Layer 3 communication may
happen between some secondary VLAN hosts,
until the ARP timeout happens on those
secondary VLAN hosts.
INTERFACE VLAN
Set the mode of the selected VLAN to
community, isolated, or primary.
[no] private-vlan mode {community |
isolated | primary}
INTERFACE VLAN
Map secondary VLANs to the selected primary
VLAN.
[no] private-vlan mapping secondary-vlan
vlan-list
INTERFACE VLAN
Display type and status of PVLAN interfaces. show interfaces private-vlan [interface
interface]
EXEC
EXEC Privilege
Display PVLANs and/or interfaces that are part
of a PVLAN.
show vlan private-vlan [community |
interface | isolated | primary | primary_vlan |
interface interface]
EXEC
EXEC Privilege
Display primary-secondary VLAN mapping.
show vlan private-vlan mapping
EXEC
EXEC Privilege
Set the PVLAN mode of the selected port. switchport mode private-vlan {host |
promiscuous | trunk}
INTERFACE
Note: Secondary VLANs are Layer 2 VLANs, so even if they are operationally down while primary VLANs
are operationally up, Layer 3 traffic will still be transmitted across secondary VLANs.