Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 11 Configuring VLANs
Configuring Private VLANs on the Switch
Creating a Primary Private VLAN
To create a primary private VLAN, perform this task in privileged mode:

Step 1  Task:    Create the primary private VLAN.
        Command: set vlan vlan pvlan-type primary

Step 2  Task:    Set the isolated, community, or two-way community VLAN(s).
        Command: set vlan vlan pvlan-type {isolated | community | twoway-community}

Step 3  Task:    Bind the isolated, community, or two-way community VLAN(s) to the primary VLAN.
        Command: set pvlan primary_vlan {isolated_vlan | community_vlan | twoway_community_vlan}

Step 4  Task:    Associate the isolated, community, or two-way community port(s) to the primary private VLAN.
        Command: set pvlan primary_vlan {isolated_vlan | community_vlan | twoway_community_vlan} [mod/ports | sc0]

Step 5  Task:    Map the isolated, community, or two-way community VLAN to the primary private VLAN on the promiscuous port.
        Command: set pvlan mapping primary_vlan {isolated_vlan | community_vlan | twoway_community_vlan} mod/ports

Step 6  Task:    Verify the primary private VLAN configuration.
        Command: show pvlan [vlan]
                 show pvlan mapping

Note: You can bind the isolated, community, or two-way community port(s) and associated isolated, community, or two-way community VLANs to the private VLAN by entering the set pvlan primary_vlan {isolated_vlan | community_vlan | twoway_community_vlan} mod/port command.

Note: The ports do not have to be on the same switch as long as the switches are trunk connected and the private VLAN has not been removed from the trunk.

Note: If you are using the MSFC for your promiscuous port in your private VLAN, use 15/1 as the MSFC mod/port number if the supervisor engine is in slot 1, or use 16/1 if the supervisor engine is in slot 2.

Note: You must enter the set pvlan command everywhere that a private VLAN needs to be created, which includes the switches with the isolated, community, or two-way community ports, the switches with the promiscuous ports, and all intermediate switches that need to carry the private VLANs on their trunks. On the edge switches that do not have any isolated, community, two-way community, or promiscuous ports (typically, the access switches with no private ports), you do not need to create the private VLANs and you can prune the private VLANs from the trunks for security reasons.

This example shows how to specify VLAN 7 as the primary VLAN:

Console> (enable) set vlan 7 pvlan-type primary
Vlan 7 configuration successful
Console> (enable)
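
One way to check that steps 1 through 5 were completed across a set of trunk-connected switches, as an added example that is not part of the Cisco guide: a Python audit over the commands entered on each switch. It assumes the input is the commands as typed, in the syntax of the task table; the switch names, VLAN numbers and ports are constructed, and audit_pvlan is a hypothetical helper name.

```python
import re

# Constructed sample (made-up switch names, VLANs and ports), commands as typed.
SAMPLE = {
    "access1": """set vlan 7 pvlan-type primary
set vlan 901 pvlan-type isolated
set vlan 902 pvlan-type community
set pvlan 7 901
set pvlan 7 901 4/3""",
    "core1": """set vlan 7 pvlan-type primary
set vlan 901 pvlan-type isolated
set pvlan 7 901
set pvlan mapping 7 901 3/1""",
}
VLAN_RE = re.compile(r"^set vlan (\d+)\b.*\bpvlan-type (\S+)")
MAP_RE = re.compile(r"^set pvlan mapping (\d+) (\d+) \S+")
BIND_RE = re.compile(r"^set pvlan (\d+) (\d+)(?: (\S+))?$")

def audit_pvlan(switches):
    """Return sorted (switch, vlan, problem) tuples for incomplete PVLAN setup."""
    findings, secondaries, has_ports, has_map = [], set(), set(), set()
    for name, config in switches.items():
        types, bound = {}, {}
        for line in map(str.strip, config.splitlines()):
            if m := VLAN_RE.match(line):
                types[int(m[1])] = m[2]           # steps 1 and 2
            elif m := MAP_RE.match(line):
                has_map.add(int(m[2]))            # step 5
            elif m := BIND_RE.match(line):
                bound[int(m[2])] = int(m[1])      # step 3 (port form binds too)
                if m[3]:
                    has_ports.add(int(m[2]))      # step 4
        for vlan in (v for v, kind in types.items() if kind != "primary"):
            secondaries.add(vlan)
            if vlan not in bound:
                findings.append((name, vlan, "not bound to a primary VLAN (step 3)"))
            elif types.get(bound[vlan]) != "primary":
                findings.append((name, vlan, "bound to a VLAN not declared primary (step 1)"))
    # Ports and the promiscuous mapping can sit on different switches: check set-wide.
    for vlan in secondaries:
        if vlan not in has_ports:
            findings.append(("all", vlan, "no ports associated on any switch (step 4)"))
        if vlan not in has_map:
            findings.append(("all", vlan, "no promiscuous mapping on any switch (step 5)"))
    return sorted(findings)

if __name__ == "__main__":
    for switch, vlan, problem in audit_pvlan(SAMPLE):
        print(f"{switch}: VLAN {vlan}: {problem}")
```

In the constructed sample, community VLAN 902 is declared on access1 but never bound, associated with ports, or mapped, so it is reported three times; VLAN 901 passes because its ports and its promiscuous mapping are found on different switches.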