Switching Commands
87
ProSafe Managed Switch
primary VLAN can be configured per private VLAN. All ports within a private VLAN share
the same primary VLAN.
• Isolated VLAN—A secondary VLAN that carries traffic from isolated ports to promiscuous
ports. Only one isolated VLAN can be configured per private VLAN.
• Community VLAN—A secondary VLAN that forwards traffic between ports that belong to
the same community and the promiscuous ports. There can be multiple community
VLANs per private VLAN.
Three types of port designations exist within a private VLAN:
• Promiscuous Ports—An endpoint connected to a promiscuous port is allowed to
communicate with any endpoint within the private VLAN. Multiple promiscuous ports can
be defined for a single private VLAN domain.
• Isolated Ports—An endpoint connected to an isolated port is allowed to communicate with
endpoints connected to promiscuous ports only. Endpoints connected to adjacent
isolated ports cannot communicate with each other.
• Community Ports—An endpoint connected to a community port is allowed to
communicate with the endpoints within a community and with any configured
promiscuous port. The endpoints that belong to one community cannot communicate with
endpoints that belong to a different community or with endpoints connected to isolated
ports.
The Private VLANs can be extended across multiple switches through inter-switch/stack links
that transport primary, community and isolated VLANs between devices.
switchport private-vlan
This command is used to define a private-VLAN association for an isolated or community
port or a mapping for a promiscuous port.
Format switchport private-vlan {host-association <primary-vlan-id>
<secondary-vlan-id> | mapping <primary-vlan-id> {add | remove}
<secondary-vlan-list>}
Mode
host-association
mapping
primary-vlan-id
secondary-vlan-id
add
remove
secondary-vlan-list
Interface Config
Term Definition
Defines VLAN association for community or host ports.
Defines the private VLAN mapping for promiscuous ports.
Primary VLAN ID of a private VLAN.
Secondary (isolated or community) VLAN ID of a private VLAN.
Associates the secondary VLAN with the primary one.
Deletes the secondary VLANs from the primary VLAN association.
A list of secondary VLANs to be mapped to a primary VLAN.