Private vlan association – LevelOne GSW-2692 User Manual

Command Line Interface

4-160

4

an associated “primary” VLAN that contains promiscuous ports. When using
an isolated VLAN, it must be configured to contain a single promiscuous port.

• Port membership for private VLANs is static. Once a port has been assigned

to a private VLAN, it cannot be dynamically moved to another VLAN via GVRP.

• Private VLAN ports cannot be set to trunked mode. (See “switchport mode” on

page 4-152.)

Example

private vlan association

Use this command to associate a primary VLAN with a secondary (i.e., community)
VLAN. Use the no form to remove all associations for the specified primary VLAN.

Syntax

private-vlan primary-vlan-id association {secondary-vlan-id |

add secondary-vlan-id | remove secondary-vlan-id}

no private-vlan primary-vlan-id association

• primary-vlan-id - ID of primary VLAN.

(Range: 1-4094, no leading zeroes).

• secondary-vlan-id - ID of secondary (i.e, community) VLAN.

(Range: 1-4094, no leading zeroes).

Default Setting

None

Command Mode

VLAN Configuration

Command Usage

Secondary VLANs provide security for group members. The associated
primary VLAN provides a common interface for access to other network
resources within the primary VLAN (e.g., servers configured with promiscuous
ports) and to resources outside of the primary VLAN (via promiscuous ports).

Example

Console(config)#vlan database
Console(config-vlan)#private-vlan 2 primary
Console(config-vlan)#private-vlan 3 community
Console(config)#

Console(config-vlan)#private-vlan 2 association 3
Console(config)#