CHAPTER 7
Campus Network Security
Table 7-3 Configuring Private VLANs

Command                                  Description
---------------------------------------  ------------------------------------------------
private-vlan association                 Associates secondary VLANs with the primary one.
  secondary_vlan_list                    Separate the secondary VLAN numbers with a
                                         comma, no spaces.

switchport mode private-vlan             Configures a port as either a host port (for
  {host | promiscuous}                   community or isolated) or a promiscuous port.

switchport private-vlan                  Associates a host port with its primary and
  host-association primary_vlan_ID       secondary PVLANs.
  secondary_vlan_ID

private-vlan mapping primary_vlan_ID     Associates a promiscuous port with its primary
  secondary_vlan_list                    and secondary PVLANs.

show interfaces interface switchport     Verifies the VLAN configuration.

show interfaces private-vlan mapping     Verify the private VLAN configuration.

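The commands in Table 7-3 applied to one switch, as an added example that is not taken from the book. The VLAN numbers (100, 101, 102), the interface names and the Layer 3 SVI are assumptions; the `vtp mode transparent` and `private-vlan primary | isolated | community` lines are standard IOS commands that do not appear on this page.

```cisco
! Constructed example: VLAN IDs and interface names are assumptions.
! Private VLANs require VTP transparent mode under VTP versions 1 and 2.
vtp mode transparent
!
! Define the secondary VLANs first, then the primary that owns them.
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
vlan 100
 private-vlan primary
 ! Comma-separated list, no spaces.
 private-vlan association 101,102
!
! Isolated host: can reach only the promiscuous port.
interface FastEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Community hosts: can reach each other and the promiscuous port.
interface FastEthernet0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
interface FastEthernet0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! Promiscuous port toward the gateway. On a Layer 2 interface IOS takes
! the mapping with the "switchport" prefix.
interface FastEthernet0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! On a Layer 3 switch the primary VLAN's SVI maps the secondaries with
! the unprefixed form, and the primary VLAN ID is implied by the SVI.
interface Vlan100
 private-vlan mapping 101,102
!
end
!
! Verification
show vlan private-vlan
show interfaces FastEthernet0/1 switchport
show interfaces private-vlan mapping
```

A host port whose `host-association` names a secondary VLAN that is not associated with the primary stays inactive, so check `show vlan private-vlan` before moving hosts onto the ports.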
Protected Ports
On some lower-end switches, protected ports can provide a simple version of private VLANs. Traffic from a protected
port can access only an unprotected port. Traffic between protected ports is blocked. Configure port protection at the
interface:
Switch(config-if)# port protected
© 2010 Pearson Education, Inc. All rights reserved. This publication is protected by copyright. Please see page 112 for more details.
CCNP SWITCH 642-813 Quick Reference by Denise Donohue