CONFIGURING THE SWITCH 3-156
CLI – This example sets port 3 to accept only tagged frames, enables
ingress filtering, assigns PVID 3 as the native VLAN ID, enables GVRP,
sets the GARP timers, and then sets the switchport mode to hybrid.

Console(config)#interface ethernet 1/3                        4-144
Console(config-if)#switchport acceptable-frame-types tagged   4-202
Console(config-if)#switchport ingress-filtering               4-203
Console(config-if)#switchport native vlan 3                   4-204
Console(config-if)#switchport gvrp                            4-219
Console(config-if)#garp timer join 20                         4-220
Console(config-if)#garp timer leave 90                        4-220
Console(config-if)#garp timer leaveall 2000                   4-220
Console(config-if)#switchport mode hybrid                     4-201
Console(config-if)#

Private VLANs
Private VLANs provide port-based security and isolation between ports
within the assigned VLAN. This switch supports two types of private
VLANs: primary/secondary associated groups, and stand-alone isolated
VLANs. A primary VLAN contains promiscuous ports that can
communicate with all other ports in the private VLAN group, while a
secondary (or community) VLAN contains community ports that can
only communicate with other hosts within the secondary VLAN and with
any of the promiscuous ports in the associated primary VLAN. Isolated
VLANs, on the other hand, consist of a single stand-alone VLAN that
contains one promiscuous port and one or more isolated (or host) ports.
In all cases, the promiscuous ports are designed to provide open access to
an external network such as the Internet, while the community or isolated
ports provide restricted access to local users.
Multiple primary VLANs can be configured on this switch, and multiple
community VLANs can be associated with each primary VLAN. One or
more isolated VLANs can also be configured. (Note that private VLANs
and normal VLANs can exist simultaneously within the same switch.)
To configure primary/secondary associated groups, follow these steps:
1. Use the Private VLAN Configuration menu (page 3-159) to designate
one or more community VLANs, and the primary VLAN that will
channel traffic outside of the VLAN groups.
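
The private VLAN port roles described on this page can be checked against an intended isolation policy before any ports are assigned. The Python model below is an added example, not part of the manual or the switch software; the port numbers, VLAN IDs and function names are constructed, and it assumes that isolated ports reach only their promiscuous port and that separate private VLAN groups are not bridged to each other.

```python
from itertools import combinations

PROMISCUOUS, COMMUNITY, ISOLATED = "promiscuous", "community", "isolated"

# Constructed port plan: port -> (role, private VLAN group, community VLAN).
# "group" is the primary VLAN, or the stand-alone isolated VLAN (assumption).
PORTS = {
    "1/1": (PROMISCUOUS, 10, None),   # uplink for primary VLAN 10
    "1/2": (COMMUNITY, 10, 20),
    "1/3": (COMMUNITY, 10, 20),
    "1/4": (COMMUNITY, 10, 30),
    "1/5": (PROMISCUOUS, 40, None),   # uplink for isolated VLAN 40
    "1/6": (ISOLATED, 40, None),
    "1/7": (ISOLATED, 40, None),
}

def can_communicate(ports, a, b):
    """Apply the private VLAN forwarding rules to one pair of ports."""
    role_a, group_a, community_a = ports[a]
    role_b, group_b, community_b = ports[b]
    if group_a != group_b:
        return False                  # different groups (assumed not bridged)
    if PROMISCUOUS in (role_a, role_b):
        return True                   # promiscuous ports reach the whole group
    if role_a == role_b == COMMUNITY:
        return community_a == community_b   # same secondary VLAN only
    return False                      # isolated ports reach no other host port

def allowed_pairs(ports):
    """Every unordered pair of ports that may exchange frames."""
    return {frozenset(pair) for pair in combinations(sorted(ports), 2)
            if can_communicate(ports, *pair)}

def isolation_violations(ports, must_not_talk):
    """Pairs the operator wants separated but the port plan lets through."""
    return [pair for pair in must_not_talk if can_communicate(ports, *pair)]

if __name__ == "__main__":
    for pair in sorted(tuple(sorted(p)) for p in allowed_pairs(PORTS)):
        print("allowed:", pair)
    # Constructed policy: these hosts are meant to be kept apart.
    policy = [("1/2", "1/3"), ("1/2", "1/4"), ("1/6", "1/7")]
    for pair in isolation_violations(PORTS, policy):
        print("plan breaks policy:", pair)
```

Here ports 1/2 and 1/3 are reported because they share community VLAN 20; separating them would mean moving one to a different community VLAN or to an isolated VLAN.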