CLI Guide
Layer 2 Switching Commands 861
In order to enable Private VLAN operation across multiple switches which are
not stacked, the inter-switch links should carry VLANs which belong to a
private VLAN. The trunk ports which connect neighbor switches have to be
assigned to the primary, isolated, and community VLANs of a private VLAN.
In regular VLANs, ports in the same VLAN switch traffic at L2. However for
private VLAN, the promiscuous port is in the primary VLAN whereas the
isolated or community ports are in the secondary VLAN. Similarly, for
broadcasts, in regular VLANs, ports in the same VLAN receive broadcast
traffic. However, for private VLANs, the ports to which the broadcast traffic is
forwarded depend on the type of port on which the traffic was received. If the
received port is a host port; the traffic is forwarded to all promiscuous and
trunk ports. If the received port is community port the broadcast traffic is
forwarded to promiscuous, trunk and community ports in the same VLAN. A
promiscuous port sends traffic to other promiscuous ports, isolated and
community ports.
Commands in this Section
This section explains the following commands:
interface vlan show port protocol switchport general
acceptable-frame-
type tagged-only
switchport trunk
encapsulation dot1q
interface range vlan show switchport
ethertype
switchport general
allowed vlan
vlan
name (VLAN
Configuration)
show vlan switchport general
ingress-filtering
disable
vlan association mac
private-vlan show vlan
association mac
switchport general
pvid
vlan association subnet
protocol group show vlan
association subnet
switchport mode vlan makestatic
protocol vlan group show vlan private-
vlan
switchport mode
dot1q-tunnel
vlan protocol group
protocol vlan group
all
switchport access
vlan
switchport mode
private-vlan
vlan protocol group add
protocol