C
OMMAND
L
INE
I
NTERFACE
4-198
Default Setting
None
Command Mode
VLAN Configuration
Command Usage
• Private VLANs are used to restrict traffic to ports within the same
community or isolated VLAN, and channel traffic passing outside the
community through promiscuous ports. When using community
VLANs, they must be mapped to an associated “primary” VLAN that
contains promiscuous ports. When using an isolated VLAN, it must
be configured to contain a single promiscuous port.
• Port membership for private VLANs is static. Once a port has been
assigned to a private VLAN, it cannot be dynamically moved to
another VLAN via GVRP.
• Private VLAN ports cannot be set to trunked mode. (See “switchport
mode” on page -187.)
Example
private vlan association
Use this command to associate a primary VLAN with a secondary (i.e.,
community) VLAN. Use the no form to remove all associations for the
specified primary VLAN.
Syntax
private-vlan primary-vlan-id association {primary-vlan-id | add
secondary-vlan-id | remove secondary-vlan-id}
no private-vlan primary-vlan-id association
• primary-vlan-id - ID of primary VLAN. (Range: 1-4094, no leading
zeroes).
Console(config)#vlan database
Console(config-vlan)#private-vlan 2 primary
Console(config-vlan)#private-vlan 3 community
Console(config)#