Administrator Guide
Layer 2 Switching Commands 802
Private VLAN Operation in the Switch Environment
The Private VLAN feature operates in a stacked or single switch environment.
The stack links are transparent to the configured VLAN, thus there is no need
for special private VLAN configuration. Any private VLAN port can reside on
any stack member.
In order to enable Private VLAN operation across multiple switches which are
not stacked, the inter-switch links should carry VLANs which belong to a
private VLAN. The trunk ports which connect neighbor switches have to be
assigned to the primary, isolated, and community VLANs of a private VLAN.
In regular VLANs, ports in the same VLAN switch traffic at L2. However for
private VLAN, the promiscuous port is in the primary VLAN whereas the
isolated or community ports are in the secondary VLAN. Similarly, for
broadcasts, in regular VLANs, ports in the same VLAN receive broadcast
traffic. However, for private VLANs, the ports to which the broadcast traffic is
forwarded depend on the type of port on which the traffic was received. If the
received port is a host port; the traffic is forwarded to all promiscuous and
trunk ports. If the received port is community port the broadcast traffic is
forwarded to promiscuous, trunk and community ports in the same VLAN. A
promiscuous port sends traffic to other promiscuous ports, isolated and
community ports.
Commands in this Section
This section explains the following commands:
interface vlan show port protocol switchport general
acceptable-frame-
type tagged-only
switchport trunk
encapsulation dot1q
interface range vlan show switchport
ethertype
switchport general
allowed vlan
vlan
name (VLAN
Configuration)
show vlan switchport general
ingress-filtering
disable
vlan association mac
private-vlan show vlan
association mac
switchport general
pvid
vlan association subnet