Cisco Systems WSC4500X16SFP Manual

A SERVICE OF

next previous

34-3

Software Configuration Guide—Release 12.2(25)SG

OL-76590-03

Chapter 34 Configuring Private VLANs

How to Configure PVLANs

When a packet is transmitted out of a PVLAN host or trunk port, the packet logically belongs to the

primary VLAN. This relationship applies even though the packet may be transmitted with the secondary

VLAN tagging for PVLAN trunk ports. In this situation, the primary VLAN ACL and the primary VLAN

QoS on output apply to the packet.

How to Configure PVLANs

To configure a PVLAN, follow this procedure:

Step 1 Set VTP mode to transparent. See the “Disabling VTP (VTP Transparent Mode)” section on page 27-9.

Step 2 Create the secondary VLANs. See the “Configuring a VLAN as a PVLAN” section on page 34-5.

Step 3 Create the primary VLAN. See the “Configuring a VLAN as a PVLAN” section on page 34-5.

Step 4 Associate the secondary VLAN to the primary VLAN. See the “Associating a Secondary VLAN with a

Primary VLAN” section on page 34-6.

Note Only one isolated VLAN can be mapped to a primary VLAN, but more than one community

VLAN can be mapped to a primary VLAN.

Step 5 Configure an interface to an isolated or community port. See the “Configuring a Layer 2 Interface as a

PVLAN Host Port” section on page 34-8.

Step 6 Associate the isolated port or community port to the primary-secondary VLAN pair. See the

“Associating a Secondary VLAN with a Primary VLAN” section on page 34-6.

Step 7 Configure an interface as a promiscuous port. See the “Configuring a Layer 2 Interface as a PVLAN

Promiscuous Port” section on page 34-7.

Step 8 Map the promiscuous port to the primary-secondary VLAN pair. See the “Configuring a Layer 2

Interface as a PVLAN Promiscuous Port” section on page 34-7.

These sections describe how to configure PVLANs:

• “PVLAN Configuration Guidelines and Restrictions” section on page 34-3

• “Configuring a VLAN as a PVLAN” section on page 34-5

• “Associating a Secondary VLAN with a Primary VLAN” section on page 34-6

• “Configuring a Layer 2 Interface as a PVLAN Promiscuous Port” section on page 34-7

• “Configuring a Layer 2 Interface as a PVLAN Host Port” section on page 34-8

• “Permitting Routing of Secondary VLAN Ingress Traffic” section on page 34-11

PVLAN Configuration Guidelines and Restrictions

Follow these guidelines when configuring PVLANs:

• To configure a PVLAN correctly, enable VTP in transparent mode.

• Do not include VLAN 1 or VLANs 1002 through 1005 in PVLANs.