Cisco Systems 3560 Manual De Usuario
14-10
Catalyst 3560 Switch Software Configuration Guide
OL-8553-06
Chapter 14 Configuring Private VLANs
Configuring Private VLANs
When you associate secondary VLANs with a primary VLAN, note this syntax information:
•
The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-separated
items. Each item can be a single private-VLAN ID or a hyphenated range of private-VLAN IDs.
items. Each item can be a single private-VLAN ID or a hyphenated range of private-VLAN IDs.
•
The secondary_vlan_list parameter can contain multiple community VLAN IDs but only one
isolated VLAN ID.
isolated VLAN ID.
•
Enter a secondary_vlan_list, or use the add keyword with a secondary_vlan_list to associate
secondary VLANs with a primary VLAN.
secondary VLANs with a primary VLAN.
•
Use the remove keyword with a secondary_vlan_list to clear the association between secondary
VLANs and a primary VLAN.
VLANs and a primary VLAN.
•
The command does not take effect until you exit VLAN configuration mode.
This example shows how to configure VLAN 20 as a primary VLAN, VLAN 501 as an isolated VLAN,
and VLANs 502 and 503 as community VLANs, to associate them in a private VLAN, and to verify the
configuration:
and VLANs 502 and 503 as community VLANs, to associate them in a private VLAN, and to verify the
configuration:
Switch# configure terminal
Switch(config)# vlan 20
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# exit
Switch(config)# vlan 501
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
Switch(config)# vlan 502
Step 6
vlan vlan-id
(Optional) Enter VLAN configuration mode and designate or create a
VLAN that will be an isolated VLAN. The VLAN ID range is 2 to 1001
and 1006 to 4094.
VLAN that will be an isolated VLAN. The VLAN ID range is 2 to 1001
and 1006 to 4094.
Step 7
private-vlan isolated
Designate the VLAN as an isolated VLAN.
Step 8
exit
Return to global configuration mode.
Step 9
vlan vlan-id
(Optional) Enter VLAN configuration mode and designate or create a
VLAN that will be a community VLAN. The VLAN ID range is 2 to
1001 and 1006 to 4094.
VLAN that will be a community VLAN. The VLAN ID range is 2 to
1001 and 1006 to 4094.
Step 10
private-vlan community
Designate the VLAN as a community VLAN.
Step 11
exit
Return to global configuration mode.
Step 12
vlan vlan-id
Enter VLAN configuration mode for the primary VLAN designated in
Step 2.
Step 2.
Step 13
private-vlan association [add | remove]
secondary_vlan_list
secondary_vlan_list
Associate the secondary VLANs with the primary VLAN.
Step 14
end
Return to privileged EXEC mode.
Step 15
show vlan private-vlan [type]
or
show interfaces status
Verify the configuration.
Step 16
copy running-config startup config
Save your entries in the switch startup configuration file. To save the
private-VLAN configuration, you need to save the VTP transparent
mode configuration and private-VLAN configuration in the switch
startup configuration file. Otherwise, if the switch resets, it defaults to
VTP server mode, which does not support private VLANs.
private-VLAN configuration, you need to save the VTP transparent
mode configuration and private-VLAN configuration in the switch
startup configuration file. Otherwise, if the switch resets, it defaults to
VTP server mode, which does not support private VLANs.
Command
Purpose