Installation manual
4-258
SIGNAMAX LLC • www.signamax.eu
Example
Configuring Private VLANs
Private VLANs provide port-based security and isolation between ports within
the assigned VLAN. This switch supports two types of private VLANs: primary/secondary
associated groups, and stand-alone isolated VLANs. A primary VLAN contains
promiscuous ports that can communicate with all other ports in the private VLAN group,
while a secondary (or community) VLAN contains community ports that can only
communicate with other hosts within the secondary VLAN and with any of the
promiscuous ports in the associated primary VLAN. Isolated VLANs, on the other hand,
consist a single stand-alone VLAN that contains one promiscuous port and one or more
isolated (or host) ports. In all cases, the promiscuous ports are designed to provide open
access to an external network such as the Internet, while the community ports provide
restricted access to local users.
Multiple primary VLANs can be configured on this switch, and multiple community VLANs
can be associated with each primary VLAN. One or more isolated VLANs can also be
configured. (Note that private VLANs and normal VLANs can exist simultaneously within
the same switch.)
This section describes commands used to configure private VLANs.
Console#show pvlan
Private VLAN Status : Enabled
Uplink-to-Uplink Mode : Blocking
Session Uplink Ports Downlink Ports
--------- ------------------------------ -----------------------------
1 Ethernet 1/28 Ethernet 1/9
Ethernet 1/10
Ethernet 1/11
Console#
Table 4-72 Private VLAN Commands
Command Function Mode Page
Edit Private VLAN Groups
private-vlan Adds or deletes primary, community, or isolated VLANs VC 4-259
private-vlan association Associates a community VLAN with a primary VLAN VC 4-260
Configure Private VLAN Interfaces
switchport mode
private-vlan
Sets an interface to host mode or promiscuous mode IC 4-261
switchport private-vlan
host-association
Associates an interface with a secondary VLAN IC 4-261
switchport private-vlan
mapping
Maps an interface to a primary VLAN IC 4-262