Cisco Systems 4500 Switch User Manual


39-10
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 39 Configuring Private VLANs
PVLANs and SVIs
In a Layer 3 switch, a switch virtual interface (SVI) represents the Layer 3 interface of a VLAN. Layer 3
devices communicate with a PVLAN only using the primary VLAN and not through secondary VLANs.
Configure Layer 3 VLAN interfaces (SVIs) only for primary VLANs. You cannot configure Layer 3
VLAN interfaces for secondary VLANs. SVIs for secondary VLANs are inactive while the VLAN is
configured as a secondary VLAN.
If you try to configure a VLAN with an active SVI as a secondary VLAN, the configuration is not
allowed until you disable the SVI.
If you try to create an SVI on a VLAN that is configured as a secondary VLAN and the secondary
VLAN is already mapped at Layer 3, the SVI is not created, and an error is returned. If the SVI is
not mapped at Layer 3, the SVI is created, but it is automatically shut down.
When the primary VLAN is associated with and mapped to the secondary VLAN, any configuration on
the primary VLAN is propagated to the secondary VLAN SVIs. For example, if you assign an IP subnet
to the primary VLAN SVI, this subnet is the IP subnet address of the entire PVLAN.
Per-Virtual Port Error-Disable on PVLANs
For PVLANs, per-virtual port error-disable behavior is defined as follows:
• On a PVLAN promiscuous or promiscuous trunk port, if a violation occurs on the primary VLAN,
  it is error-disabled.
• On a PVLAN host or trunk port, if a violation occurs on the secondary VLAN, the associated
  primary VLAN is error-disabled.
• On a standard trunk port that carries both primary and secondary VLANs, if a violation occurs on
  the primary VLAN, this VLAN and all its associated secondary VLANs are error-disabled. If a
  violation occurs on a secondary VLAN, the associated primary VLAN and all its associated
  secondary VLANs are error-disabled.
PVLAN Commands
This table lists the commands most commonly used with PVLANs.
Command:  private-vlan {community | twoway-community | isolated | primary}
Purpose:  Configures a VLAN as a PVLAN.
Location: Configuring a VLAN as a PVLAN, page 39-15

Command:  private-vlan association {secondary_vlan_list | add secondary_vlan_list | remove secondary_vlan_list}
Purpose:  Associates the secondary VLAN with the primary VLAN. The list can contain only one isolated
          VLAN ID; it can also contain multiple community VLAN IDs.
Location: Associating a Secondary VLAN with a Primary VLAN, page 39-16

Command:  show vlan private-vlan [type]
Purpose:  Verifies the configuration.
Location: Configuring a VLAN as a PVLAN, page 39-15
          Associating a Secondary VLAN with a Primary VLAN, page 39-16
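
Two rules from this page can be checked offline against a saved configuration: Layer 3 VLAN interfaces belong only on primary VLANs, and a private-vlan association list can contain only one isolated VLAN ID. The Python sketch below is an added example, not Cisco code; the helper names audit and expand are hypothetical, and the configuration layout and VLAN IDs in the sample are constructed assumptions.

```python
import re

# Constructed sample running-config; VLAN IDs and the address are made up.
SAMPLE = """\
vlan 202
 private-vlan primary
 private-vlan association 440-441,501
vlan 440
 private-vlan isolated
vlan 441
 private-vlan isolated
vlan 501
 private-vlan community
interface Vlan202
 private-vlan mapping 440,501
interface Vlan501
 ip address 10.1.50.1 255.255.255.0
"""

def expand(vlan_list):
    # '440-441,501' -> [440, 441, 501]
    ids = []
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        ids.extend(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config):
    types, assoc, svis, vlan = {}, {}, [], None
    for line in config.splitlines():
        if not line.startswith(" "):
            m = re.match(r"vlan (\d+)$", line)
            vlan = int(m.group(1)) if m else None  # a top-level line opens or closes a vlan block
            if m := re.match(r"interface Vlan(\d+)$", line, re.I):
                svis.append(int(m.group(1)))
        elif vlan and (m := re.match(r" private-vlan association ([\d,-]+)$", line)):
            assoc[vlan] = expand(m.group(1))
        elif vlan and (m := re.match(r" private-vlan (\S+)$", line)):
            types[vlan] = m.group(1)
    findings = []
    for primary, members in assoc.items():
        isolated = [v for v in members if types.get(v) == "isolated"]
        if len(isolated) > 1:  # rule: only one isolated VLAN ID per association
            findings.append(f"vlan {primary}: isolated VLANs {isolated} associated")
    for v in svis:
        if types.get(v) in ("isolated", "community", "twoway-community"):
            findings.append(f"interface Vlan{v}: SVI on {types[v]} VLAN")  # rule: SVIs only on primary
    return findings
```

Calling audit(SAMPLE) reports the double isolated association on VLAN 202 and the SVI on community VLAN 501.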