Configuring private vlans, Configuring private vlans -160 – Asus GigaX2024SX User Manual

4-160

Configuring Private VLANs

Private VLANs provide port-based security and isolation between ports within the
assigned VLAN. This switch supports two types of private VLAN ports:
promiscuous, and community ports. A promiscuous port can communicate with all
interfaces within a private VLAN. Community ports can only communicate with
other ports in their own community VLAN, and with their designated promiscuous
ports. This section describes commands used to configure private VLANs.

To configure private VLANs, follow these steps:

1. Use the private-vlan command to designate one or more community VLANs
and the primary VLAN that will channel traffic outside the community groups.
2. Use the private-vlan association command to map the secondary
(i.e.,community) VLAN(s) to the primary VLAN.
3. Use the switchport mode private-vlan command to configure ports as
romiscuous (i.e., having access to all ports in the primary VLAN) or host
(i.e.,having access restricted to community VLAN members, and channeling all
other traffic through a promiscuous port).
4. Use the switchport private-vlan host-association command to assign a port