Configuring Private VLANs
Private VLANs provide port-based security and isolation between ports within the
assigned VLAN. This section describes commands used to configure private VlANs.
Table 34-7 Private VLAN Commands
Command Function Mode Page
pvlan Enables and configured private VLANS GC 34-18
show pvlan Displays the configured private VLANS PE 34-19
pvlan
This command enables or configures a private VLAN. Use the
no
form to disable the
private VLAN.
Syntax
pvlan
[
up-link
interface-list
down-link
interface-list]
no pvlan
• up-link – Specifies an uplink interface.
• down-link – Specifies a downlink interface.
Default Setting
No private VLANs are defined.
Command Mode
Global Configuration
Command Usage
• A private VLAN provides port-based security and isolation between ports
within the VLAN. Data traffic on the downlink ports can only be forwarded to,
and from, the uplink port. Data cannot pass between downlink ports in the
same private VLAN, nor to ports which do not belong to a private VLAN.
• Any port can be defined as an uplink port or downlink port, but cannot
configured to serve both roles.
• Private VLANs and normal VLANs can exist simultaneously within the same
switch. Traffic may pass freely between uplink ports in private VLANs and
ports in normal VLANs.
• Enter the
pvlan
command without any parameters to enable the private VLAN
functions. Then set the interface members for the private VLAN.
• Enter no pvlan to disable private VLAN functions and clear the configuration
settings for the PVLAN.
34-18
VLAN Commands
34