Owners Manual Hub/Switch 16 10BASE-T, 100BASE-TX

VLAN Commands

4-155

private-vlan

Use this command to create a primary, isolated or community private VLAN. Use the

no form to remove the specified private VLAN.

Syntax

private-vlan vlan-id {community | primary | isolated}

no private-vlan vlan-id

• vlan-id - ID of private VLAN. (Range: 1-4094, no leading zeroes).

• community - A VLAN in which traffic is restricted to port members.

• primary - A VLAN which can contain one or more community VLANs, and

serves to channel traffic between community VLANs and other locations.

• isolated – Specifies an isolated VLAN. Ports assigned to an isolated VLAN

can only communicate with promiscuous ports within their own VLAN.

Default Setting

None

Command Mode

VLAN Configuration

Command Usage

• Private VLANs are used to restrict traffic to ports within the same VLAN

“community,” and channel traffic passing outside the community through

promiscuous ports that have been mapped to the associated “primary” VLAN.

• Port membership for private VLANs is static. Once a port has been assigned

to a private VLAN, it cannot be dynamically moved to another VLAN via GVRP.

• Private VLAN ports cannot be set to trunked mode. (See “switchport mode” on

page 4-148.)

Example

Console(config)#vlan database

Console(config-vlan)#private-vlan 2 primary

Console(config-vlan)#private-vlan 3 community

Console(config)#