Reference Guide
Private VLAN (PVLAN) | 1155
45
Private VLAN (PVLAN)
Overview
Starting with FTOS 7.8.1.0, the Private VLAN (PVLAN) feature of FTOS is available for the C-Series
and S-Series: c s
Commands
• ip local-proxy-arp
• private-vlan mode
• private-vlan mapping secondary-vlan
• show interfaces private-vlan
• show vlan private-vlan
• show vlan private-vlan mapping
• switchport mode private-vlan
See also the following commands. The command output is augmented in FTOS 7.8.1.0 to provide
PVLAN data:
• show arp in Chapter 24, IPv4 Routing
• show vlan in Chapter 30, Layer 2
Private VLANs extend the FTOS security suite by providing Layer 2 isolation between ports within the
same private VLAN. A private VLAN partitions a traditional VLAN into subdomains identified by a
primary and secondary VLAN pair.
The FTOS private VLAN implementation is based on RFC 3069.
Private VLAN Concepts
Primary VLAN:
The primary VLAN is the base VLAN and can have multiple secondary VLANs. There are two types of
secondary VLAN — community VLAN and isolated VLAN:
• A primary VLAN can have any number of community VLANs and isolated VLANs.
• Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic
received from an isolated port is forwarded only to promiscuous ports or trunk ports.