Private VLANs | 833
Related Configuration Tasks
• Private VLAN show Commands on page 834
Configure PVLAN Ports
You must assign switchports a PVLAN Port role—host, promiscuous, or trunk—before you can add them
to a primary or secondary VLAN.
• Host ports may not be a part of a non-private (regular) VLAN.
• Promiscuous ports may be a member of more than one primary VLAN, but may not be a member of
a regular VLAN.
• Trunk ports may be a member of a regular VLAN.
Place PVLAN Ports in a Secondary VLAN
PVLAN has two types of secondary VLANs:
Community VLANs:
• Can only have host ports.
• Host ports can communicate with each other and to promiscuous ports.
Isolated VLANs:
• Can only have host ports.
• Host ports cannot communicate with each other; they can only communicate with promiscuous ports.
Task Command Syntax Command Mode
Assign a PVLAN port role to a switchport.
switchport mode private-vlan {host |
promiscuous | trunk}
INTERFACE
Step Task Command Syntax Command Mode
1 Access the INTERFACE VLAN mode for the
VLAN that you want to make a community
VLAN.
interface vlan vlan-id CONFIGURATION
2 Designate the VLAN as a community or isolated
VLAN.
private-vlan mode {community |
isolated}
INTERFACE VLAN
3 Add one or more host ports to the VLAN. {tagged | untagged} interface INTERFACE VLAN
