Command Line Interface
4-190
4
an associated “primary” VLAN that contains promiscuous ports. When using
an isolated VLAN, it must be configured to contain a single promiscuous port.
• Port membership for private VLANs is static. Once a port has been assigned
to a private VLAN, it cannot be dynamically moved to another VLAN via GVRP.
• Private VLAN ports cannot be set to trunked mode. (See “switchport mode” on
page 4-182.)
Example
private vlan association
Use this command to associate a primary VLAN with a secondary (i.e., community)
VLAN. Use the no form to remove all associations for the specified primary VLAN.
Syntax
private-vlan primary-vlan-id association {secondary-vlan-id |
add secondary-vlan-id | remove secondary-vlan-id}
no private-vlan primary-vlan-id association
• primary-vlan-id - ID of primary VLAN.
(Range: 1-4094, no leading zeroes).
• secondary-vlan-id - ID of secondary (i.e, community) VLAN.
(Range: 1-4094, no leading zeroes).
Default Setting
None
Command Mode
VLAN Configuration
Command Usage
Secondary VLANs provide security for group members. The associated
primary VLAN provides a common interface for access to other network
resources within the primary VLAN (e.g., servers configured with promiscuous
ports) and to resources outside of the primary VLAN (via promiscuous ports).
Example
Console(config)#vlan database
Console(config-vlan)#private-vlan 2 primary
Console(config-vlan)#private-vlan 3 community
Console(config)#
Console(config-vlan)#private-vlan 2 association 3
Console(config)#