Filter
Top Products
16-6
Catalyst 3750-E and 3560-E Switch Software Configuration Guide
OL-9775-02
Chapter 16 Configuring Private VLANs
Configuring Private VLANs
Private VLANs and Switch Stacks
Private VLANs can operate within the switch stack, and private-VLAN ports can reside on different
stack members. However, some changes to the switch stack can impact private-VLAN operation:
• If a stack contains only one private-VLAN promiscuous port and the stack member that contains
that port is removed from the stack, host ports in that private VLAN lose connectivity outside the
private VLAN.
• If a stack master stack that contains the only private-VLAN promiscuous port in the stack fails or
leaves the stack and a new stack master is elected, host ports in a private VLAN that had its
promiscuous port on the old stack master lose connectivity outside of the private VLAN.
• If two stacks merge, private VLANs on the winning stack are not affected, but private-VLAN
configuration on the losing switch is lost when that switch reboots.
For more information about switch stacks, see Chapter 5, “Managing Switch Stacks.”
Configuring Private VLANs
These sections contain this configuration information:
• Tasks for Configuring Private VLANs, page 16-6
• Default Private-VLAN Configuration, page 16-7
• Private-VLAN Configuration Guidelines, page 16-7
• Configuring and Associating VLANs in a Private VLAN, page 16-10
• Configuring a Layer 2 Interface as a Private-VLAN Host Port, page 16-12
• Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port, page 16-13
• Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface, page 16-14
Tasks for Configuring Private VLANs
To configure a private VLAN, perform these steps:
Step 1 Set VTP mode to transparent.
Step 2 Create the primary and secondary VLANs and associate them. See the “Configuring and Associating
VLANs in a Private VLAN” section on page 16-10.
Note If the VLAN is not created already, the private-VLAN configuration process creates it.
Step 3 Configure interfaces to be isolated or community host ports, and assign VLAN membership to the host
port. See the “Configuring a Layer 2 Interface as a Private-VLAN Host Port” section on page 16-12.
Step 4 Configure interfaces as promiscuous ports, and map the promiscuous ports to the primary-secondary
VLAN pair. See the “Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port” section on
page 16-13.