Configuring private vlans, Table 4-78, Private vlan commands – LevelOne FGL-2870 User Manual

Page 682

Advertising

Command Line Interface

4-316

Configuring Private VLANs

Private VLANs provide port-based security and isolation of local ports contained
within different private VLAN groups. This switch supports two types of private
VLANs – primary and community groups. A primary VLAN contains promiscuous
ports that can communicate with all other ports in the associated private VLAN
groups, while a community (or secondary) VLAN contains community ports that can
only communicate with other hosts within the community VLAN and with any of the
promiscuous ports in the associated primary VLAN. The promiscuous ports are
designed to provide open access to an external network such as the Internet, while
the community ports provide restricted access to local users.

Multiple primary VLANs can be configured on this switch, and multiple community
VLANs can be associated with each primary VLAN. (Note that private VLANs and
normal VLANs can exist simultaneously within the same switch.)

This section describes commands used to configure private VLANs.

To configure primary/community associated groups, follow these steps:

Use the private-vlan command to designate one or more community VLANs
and the primary VLAN that will channel traffic outside of the community groups.

Use the private-vlan association command to map the community VLAN(s) to
the primary VLAN.

Use the switchport mode private-vlan command to configure ports as
promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e.,
community port).

Use the switchport private-vlan host-association command to assign a port
to a community VLAN.

Use the switchport private-vlan mapping command to assign a port to a
primary VLAN.

Table 4-78 Private VLAN Commands

Command

Function

Mode

Page

Edit Private VLAN Groups
private-vlan

Adds or deletes primary or community VLANs

4-317

private-vlan association

Associates a community VLAN with a primary VLAN