Cisco Systems WSC2960XR48FPSI Manual De Usuario
template is configured, use the sdm prefer default global configuration command to set the default
template.
template.
Secondary and Primary VLAN Configuration
Follow these guidelines when configuring private VLANs:
• If the switch is running VTP version 1 or 2, you must set VTP to transparent mode. After you configure
a private VLAN, you should not change the VTP mode to client or server. VTP version 3 supports private
VLANs in all modes.
VLANs in all modes.
• With VTP version 1 or 2, after you have configured private VLANs, use the copy running-config
startup config privileged EXEC command to save the VTP transparent mode configuration and
private-VLAN configuration in the switch startup configuration file. Otherwise, if the switch resets, it
defaults to VTP server mode, which does not support private VLANs. VTP version 3 does support
private VLANs.
private-VLAN configuration in the switch startup configuration file. Otherwise, if the switch resets, it
defaults to VTP server mode, which does not support private VLANs. VTP version 3 does support
private VLANs.
• VTP version 1 and 2 do not propagate private-VLAN configuration. You must configure private VLANs
on each device where you want private-VLAN ports unless the devices are running VTP version 3.
• You cannot configure VLAN 1 or VLANs 1002 to 1005 as primary or secondary VLANs. Extended
VLANs (VLAN IDs 1006 to 4094) can belong to private VLANs.
• A primary VLAN can have one isolated VLAN and multiple community VLANs associated with it. An
isolated or community VLAN can have only one primary VLAN associated with it.
• Although a private VLAN contains more than one VLAN, only one Spanning Tree Protocol (STP)
instance runs for the entire private VLAN. When a secondary VLAN is associated with the primary
VLAN, the STP parameters of the primary VLAN are propagated to the secondary VLAN.
VLAN, the STP parameters of the primary VLAN are propagated to the secondary VLAN.
• You can enable DHCP snooping on private VLANs. When you enable DHCP snooping on the primary
VLAN, it is propagated to the secondary VLANs. If you configure DHCP on a secondary VLAN, the
configuration does not take effect if the primary VLAN is already configured.
configuration does not take effect if the primary VLAN is already configured.
• When you enable IP source guard on private-VLAN ports, you must enable DHCP snooping on the
primary VLAN.
• We recommend that you prune the private VLANs from the trunks on devices that carry no traffic in
the private VLANs.
• You can apply different quality of service (QoS) configurations to primary, isolated, and community
VLANs.
• Note the following considerations for sticky ARP:
◦Sticky ARP entries are those learned on SVIs and Layer 3 interfaces. These entries do not age out.
◦The ip sticky-arp global configuration command is supported only on SVIs belonging to private
VLANs.
◦The ip sticky-arp interface configuration command is only supported on:
◦Layer 3 interfaces
◦SVIs belonging to normal VLANs
◦SVIs belonging to private VLANs
Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1
84
OL-29440-01
Configuring Private VLANs
Secondary and Primary VLAN Configuration