System information
3-92
Command Line Interface
3
own community VLAN, and with their designated promiscuous ports. This section
describes commands used to configure private VLANs.
To configure private VLANs, follow these steps:
1. Use the private-vlan command to designate one or more community VLANs and
the primary VLAN that will channel traffic outside the community groups.
2. Use the private-vlan association command to map the secondary
(i.e., community) VLAN(s) to the primary VLAN.
3. Use the switchport mode private-vlan command to configure ports as
promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e.,
having access restricted to community VLAN members, and channeling all other
traffic through a promiscuous port).
4. Use the switchport private-vlan host-association command to assign a port to
a secondary VLAN.
5. Use the switchport private-vlan mapping command to assign a port to a
primary VLAN.
6. Use the show vlan private-vlan command to verify your configuration settings.
Table 3-28. Private VLAN Commands
Command Function Mode Page
Edit Private VLAN Groups
private-vlan Adds or deletes primary and secondary VLANs VC 3-93
private-vlan association Associates a secondary with a primary VLAN VC 3-93
Configure Private VLAN Interfaces
switchport mode
private-vlan
Sets an interface to host mode or promiscuous mode IC 3-94
switchport private-vlan
host-association
Associates an interface with a secondary VLAN IC 3-95
switchport private-vlan
mapping
Maps an interface to a primary VLAN IC 3-96
Display Private VLAN Information
show vlan private-vlan Shows Private VLAN information NE, PE 3-96