User's Manual

234
33.5 Configuration Example
Figure 1: Typical Configuration of Private VLAN
As shown in figure 1, port G0/1 is the promiscuous port in primary VLAN 2 and ports G0/2-G0/6 are
host ports, among which ports G0/2 and G0/3 are host ports (public ports) of Community VLAN 3, port
G0/4 is that of Community VLAN 4, and ports G0/5 and G0/6 are host ports of Isolated VLAN 5.
According to the definition of private VLAN, L2 communication can be conducted between
promiscuous port G0/1 and host ports of all sub-VLAN domains, so it is between host ports G0/2 and G0/3
of community VLAN 3, but they cannot conduct L2 communication with other host ports of secondary
VLANs. L2 communication cannot go on between ports G0/5 and G0/6 in Isolated VLAN 5, but the two
ports can conduct L2 communication with promiscuous port G0/1.
The commands requiring to be entered in a switch are shown below:
Switch_config#interface GigaEthernet0/1
Switch_config_g0/1#switchport mode private-vlan promiscuous
Switch_config_g0/1#switchport private-vlan mapping 2 3-5
Switch_config_g0/1#switchport pvid 2
Switch_config#interface GigaEthernet0/2
Switch_config_g0/2#switchport mode private-vlan host
Switch_config_g0/2#switchport private-vlan host-association 2 3
Switch_config_g0/2#switchport pvid 3