user manual

If the switch is running VTP version 1 or 2, you must set VTP to transparent mode. After you configure

With VTP version 1 or 2, after you have configured private VLANs, use the copy running-config

startup config privileged EXEC command to save the VTP transparent mode configuration and

private-VLAN configuration in the switch startup configuration file. Otherwise, if the switch resets, it

defaults to VTP server mode, which does not support private VLANs. VTP version 3 does support

private VLANs.

VTP version 1 and 2 do not propagate private-VLAN configuration. You must configure private VLANs

on each device where you want private-VLAN ports unless the devices are running VTP version 3.

Although a private VLAN contains more than one VLAN, only one Spanning Tree Protocol (STP)

instance runs for the entire private VLAN. When a secondary VLAN is associated with the primary

VLAN, the STP parameters of the primary VLAN are propagated to the secondary VLAN.

You can enable DHCP snooping on private VLANs. When you enable DHCP snooping on the primary

VLAN, it is propagated to the secondary VLANs. If you configure DHCP on a secondary VLAN, the

configuration does not take effect if the primary VLAN is already configured.

When you enable IP source guard on private-VLAN ports, you must enable DHCP snooping on the

VLANs.

Note the following considerations for sticky ARP:

Sticky ARP entries are those learned on SVIs and Layer 3 interfaces. These entries do not age out.

The ip sticky-arp global configuration command is supported only on SVIs belonging to private

VLANs.

The ip sticky-arp interface configuration command is only supported on: