System information
VLAN Configuration
3-131
3
Web – Click VLAN, 802.1Q VLAN, Port Configuration or Trunk Configuration. Fill in
the required settings for each interface, click Apply.
Figure 3-76 Configuring VLANs per Port
CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the
native VLAN ID, and then sets the switchport mode to hybrid.
Private VLANs
Private VLANs provide port-based security and isolation between ports within
the assigned VLAN. This switch supports two types of private VLANs: primary/
secondary associated groups, and stand-alone isolated VLANs. A primary VLAN
contains promiscuous ports that can communicate with all other ports in the private
VLAN group, while a secondary (or community) VLAN contains community ports
that can only communicate with other hosts within the secondary VLAN and with any
of the promiscuous ports in the associated primary VLAN. Isolated VLANs, on the
other hand, consist a single stand-alone VLAN that contains one promiscuous port
and one or more isolated (or host) ports. In all cases, the promiscuous ports are
designed to provide open access to an external network such as the Internet, while
the community or isolated ports provide restricted access to local users.
Multiple primary VLANs can be configured on this switch, and multiple community
VLANs can be associated with each primary VLAN. One or more isolated VLANs
can also be configured. (Note that private VLANs and normal VLANs can exist
simultaneously within the same switch.)
Console(config)#interface ethernet 1/3 4-114
Console(config-if)#switchport acceptable-frame-types tagged 4-169
Console(config-if)#switchport ingress-filtering 4-169
Console(config-if)#switchport native vlan 3 4-170
Console(config-if)#switchport mode hybrid 4-168
Console(config-if)#