Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

ManualsBrandsHP ManualsStorageCisco MDS 9513 with Supervisor 2 Director Switch

131

132

133

134

135

136

137

138

139

140

Send feedback to nx5000-docfeedback@cisco.com

7-9

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide

OL-16597-01

Chapter 7 Configuring Private VLANs

Configuring a Private VLAN

Note We recommend that you enable BPDU Guard on all interfaces configured as a host ports. See

Chapter 10, “Configuring STP Extensions” for information on configuring BPDU Guard.

Ensure that the private VLAN feature is enabled.

To configure an interface as a private VLAN host port, perform this task:

This example shows how to configure the Ethernet port 1/12 as a host port for a private VLAN and

associate it to primary VLAN 5 and secondary VLAN 101:

switch# configure terminal

switch(config)# interface ethernet 1/12

switch(config-if)# switchport mode private-vlan host

switch(config-if)# switchport private-vlan host-association 5 101

To remove the private VLAN association from an interface, perform this task:

Configuring an Interface as a Private VLAN Promiscuous Port

You can configure an interface as a private VLAN promiscuous port, and then you can associate that

promiscuous port with the primary and secondary VLANs.

Ensure that the private VLAN feature is enabled.

To configure an interface as a private VLAN promiscuous port, perform this task:

Command Purpose

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# interface type slot/port

Selects the port to configure as a private VLAN host

port. The interface can be either a physical Ethernet

port.

Step 3

switch(config-if)# switchport mode

private-vlan host

Configures the port as a host port for a private VLAN.

Step 4

switch(config-if)# switchport

private-vlan host-association

{primary-vlan-id} {secondary-vlan-id}

Associates the port with the primary and secondary

VLANs of a private VLAN. The secondary VLAN

can be either an isolated or community VLAN.

Command Purpose

switch(config-if)# no switchport

private-vlan host-association

Removes the private VLAN association from the port.

Command Purpose

Step 1

switch# configure terminal

Enters configuration mode.

Step 2

switch(config)# interface type slot/port

Selects the port to configure as a private VLAN

promiscuous port. A physical interface is required.