User's Manual
Table Of Contents
- Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)
- Contents
- Preface
- New and Changed Information for this Release
- Overview
- Configuring Ethernet Interfaces
- Information About Ethernet Interfaces
- Configuring Ethernet Interfaces
- Configuring the UDLD Mode
- Changing an Interface Port Mode
- Configuring Interface Speed
- Disabling Link Negotiation
- Configuring the CDP Characteristics
- Enabling or Disabling CDP
- Enabling the Error-Disabled Detection
- Enabling the Error-Disabled Recovery
- Configuring the Error-Disabled Recovery Interval
- Configuring the Debounce Timer
- Configuring the Description Parameter
- Disabling and Restarting Ethernet Interfaces
- Displaying Interface Information
- Displaying Input Packet Discard Information
- Default Physical Ethernet Settings
- Configuring VLANs
- Configuring Private VLANs
- Information About Private VLANs
- Guidelines and Limitations for Private VLANs
- Configuring a Private VLAN
- Enabling Private VLANs
- Configuring a VLAN as a Private VLAN
- Associating Secondary VLANs with a Primary Private VLAN
- Configuring an Interface as a Private VLAN Host Port
- Configuring an Interface as a Private VLAN Promiscuous Port
- Configuring a Promiscuous Trunk Port
- Configuring an Isolated Trunk Port
- Configuring the Allowed VLANs for PVLAN Trunking Ports
- Configuring Native 802.1Q VLANs on Private VLANs
- Verifying the Private VLAN Configuration
- Configuring Access and Trunk Interfaces
- Configuring Switching Modes
- Configuring Rapid PVST+
- Information About Rapid PVST+
- Understanding STP
- Understanding Rapid PVST+
- Rapid PVST+ and IEEE 802.1Q Trunks
- Rapid PVST+ Interoperation with Legacy 802.1D STP
- Rapid PVST+ Interoperation with 802.1s MST
- Configuring Rapid PVST+
- Enabling Rapid PVST+
- Enabling Rapid PVST+ per VLAN
- Configuring the Root Bridge ID
- Configuring a Secondary Root Bridge
- Configuring the Rapid PVST+ Port Priority
- Configuring the Rapid PVST+ Pathcost Method and Port Cost
- Configuring the Rapid PVST+ Bridge Priority of a VLAN
- Configuring the Rapid PVST+ Hello Time for a VLAN
- Configuring the Rapid PVST+ Forward Delay Time for a VLAN
- Configuring the Rapid PVST+ Maximum Age Time for a VLAN
- Specifying the Link Type
- Restarting the Protocol
- Verifying Rapid PVST+ Configurations
- Information About Rapid PVST+
- Configuring Multiple Spanning Tree
- Information About MST
- Configuring MST
- MST Configuration Guidelines
- Enabling MST
- Entering MST Configuration Mode
- Specifying the MST Name
- Specifying the MST Configuration Revision Number
- Specifying the Configuration on an MST Region
- Mapping and Unmapping VLANs to MST Instances
- Mapping Secondary VLANs to Same MSTI as Primary VLANs for Private VLANs
- Configuring the Root Bridge
- Configuring a Secondary Root Bridge
- Configuring the Port Priority
- Configuring the Port Cost
- Configuring the Switch Priority
- Configuring the Hello Time
- Configuring the Forwarding-Delay Time
- Configuring the Maximum-Aging Time
- Configuring the Maximum-Hop Count
- Configuring PVST Simulation Globally
- Configuring PVST Simulation Per Port
- Specifying the Link Type
- Restarting the Protocol
- Verifying MST Configurations
- Configuring STP Extensions
- About STP Extensions
- Information About STP Extensions
- Configuring STP Extensions
- STP Extensions Configuration Guidelines
- Configuring Spanning Tree Port Types Globally
- Configuring Spanning Tree Edge Ports on Specified Interfaces
- Configuring Spanning Tree Network Ports on Specified Interfaces
- Enabling BPDU Guard Globally
- Enabling BPDU Guard on Specified Interfaces
- Enabling BPDU Filtering Globally
- Enabling BPDU Filtering on Specified Interfaces
- Enabling Loop Guard Globally
- Enabling Loop Guard or Root Guard on Specified Interfaces
- Verifying STP Extension Configuration
- About STP Extensions
- Configuring LLDP
- Configuring the MAC Address Table
- Configuring IGMP Snooping
- Configuring Traffic Storm Control
- INDEX
•
The secondary-vlan-list parameter can contain multiple community VLAN IDs and one isolated VLAN
ID.
•
Enter a secondary-vlan-list or use the add keyword with a secondary-vlan-list to associate secondary
VLANs with a primary VLAN.
•
Use the remove keyword with a secondary-vlan-list to clear the association between secondary VLANs
and a primary VLAN.
•
You change the association between a secondary and primary VLAN by removing the existing association
and then adding the desired association.
If you delete either the primary or secondary VLAN, the VLAN becomes inactive on the port where the
association is configured. When you enter the no private-vlan command, the VLAN returns to the normal
VLAN mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain
in PVLAN mode. If you again convert the specified VLAN to PVLAN mode, the original associations are
reinstated.
If you enter the no vlan command for the primary VLAN, all PVLAN associations with that VLAN are lost.
However, if you enter the no vlan command for a secondary VLAN, the PVLAN associations with that VLAN
are suspended and are reinstated when you recreate the specified VLAN and configure it as the previous
secondary VLAN.
Before You Begin
Ensure that the PVLAN feature is enabled.
Procedure
PurposeCommand or Action
Enters configuration mode.switch# configure terminal
Step 1
Enters the number of the primary VLAN that you are
working in for the PVLAN configuration.
switch(config)# vlan primary-vlan-id
Step 2
Associates the secondary VLANs with the primary
VLAN. Use the remove keyword with a
switch(config-vlan)# private-vlan
association {[add] secondary-vlan-list
| remove secondary-vlan-list}
Step 3
secondary-vlan-list to clear the association between
secondary VLANs and a primary VLAN.
(Optional)
Removes all associations from the primary VLAN and
returns it to normal VLAN mode.
switch(config-vlan)# no private-vlan
association
Step 4
This example shows how to associate community VLANs 100 through 110 and isolated VLAN 200 with
primary VLAN 5:
switch# configure terminal
switch(config)# vlan 5
switch(config-vlan)# private-vlan association 100-110, 200
Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)
44 OL-26590-01
Configuring Private VLANs
Associating Secondary VLANs with a Primary Private VLAN