Filter
Top Products
CLI (Command Line Interface)
260
NXA-ENET24 - Software Management Guide
Edit Private VLAN Groups
Edit Private VLAN Groups
Command Function
private-vlan
Use this command to create a primary,
isolated or community private VLAN.
Use the no form to remove the specified
private VLAN.
Syntax:
private-vlan vlan-id {community | primary | isolated}
no private-vlan vlan-id
• vlan-id - ID of private VLAN. (Range: 1-4094, no leading zeroes).
• community - A VLAN in which traffic is restricted to port
members.
• primary - A VLAN which can contain one or more community
VLANs, and serves to channel traffic between community
VLANs and other locations.
• isolated – Specifies an isolated VLAN. Ports assigned to an
isolated VLAN can only communicate with promiscuous ports
within their own VLAN.
Default Setting: None
Command Mode: VLAN Configuration
Command Usage: Private VLANs are used to restrict traffic to
ports within the same VLAN “community,” and channel traffic
passing outside the community through promiscuous ports that
have been mapped to the associated “primary” VLAN.
Port membership for private VLANs is static. Once a port has
been assigned to a private VLAN, it cannot be dynamically moved
to another VLAN via GVRP.
Private VLAN ports cannot be set to trunked mode. (See switch-
port mode on page 256.)
Example:
Console(config)#vlan database
Console(config-vlan)#private-vlan 2 primary
Console(config-vlan)#private-vlan 3 community
Console(config)#
private vlan association
Use this command to associate a primary
VLAN with a secondary (i.e., community)
VLAN.
Use the no form to remove all
associations for the specified primary
VLAN.
Syntax:
private-vlan primary-vlan-id association {secondary-
vlan-id | add secondary-vlan-id | remove secondary-
vlan-id}
no private-vlan primary-vlan-id association
• primary-vlan-id - ID of primary VLAN.
(Range: 1-4094, no leading zeroes).
• secondary-vlan-id - ID of secondary (i.e, community) VLAN.
(Range: 1-4094, no leading zeroes).
Default Setting: None
Command Mode: VLAN Configuration
Command Usage: Secondary VLANs provide security for group
members. The associated primary VLAN provides a common
interface for access to other network resources within the primary
VLAN (e.g., servers configured with promiscuous ports) and to
resources outside of the primary VLAN (via promiscuous ports).
Example:
Console(config-vlan)#private-vlan 2 association 3
Console(config)#