Support User Manuals

Cisco Systems 4500 Switch User Manual

Open as PDF

of 1504

39-23

Software Configuration Guide—Release 15.0(2)SG

OL-23818-01

Chapter 39 Configuring Private VLANs

Configuring PVLANs

Capture Mode Disabled

Capture VLANs Allowed: ALL

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

Permitting Routing of Secondary VLAN Ingress Traffic

Note Isolated, community VLANs, and twoway-community VLANs are called secondary VLANs.

To permit routing of secondary VLAN ingress traffic, perform this task:

When you permit routing on the secondary VLAN ingress traffic, note the following:

• The private-vlan mapping interface configuration command only affects PVLAN ingress traffic

that is Layer 3 switched.

• The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-separated

items. Each item can be a single PVLAN ID or a hyphenated range of PVLAN IDs.

• Enter a secondary_vlan_list parameter or use the add keyword with a secondary_vlan_list

parameter to map the secondary VLANs to the primary VLAN.

• Use the remove keyword with a secondary_vlan_list parameter to clear the mapping between

secondary VLANs and the primary VLAN.

This example shows how to permit routing of secondary VLAN ingress traffic from PVLANs 303

through 307, 309, and 440 and verify the configuration:

Switch# configure terminal

Switch(config)# interface vlan 202

Switch(config-if)# private-vlan mapping add 303-307,309,440

Switch(config-if)# end

Switch# show interfaces private-vlan mapping

Interface Secondary VLAN Type

--------- -------------- -----------------

vlan202 303 community

vlan202 304 community

vlan202 305 community

vlan202 306 community

vlan202 307 community

Command Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# interface vlan primary_vlan_ID

Enters interface configuration mode for the primary

VLAN.

Step 3

Switch(config-if)# [no] private-vlan mapping

primary_vlan_ID {secondary_vlan_list | add

secondary_vlan_list | remove secondary_vlan_list}

To permit routing on the secondary VLAN ingress traffic,

map the secondary VLAN to the primary VLAN.

You can use the no keyword to delete all associations

from the primary VLAN.

Step 4

Switch(config-if)# end

Exits configuration mode.

Step 5

Switch# show interface private-vlan mapping

Verifies the configuration.

previous next