Private-vlan 4-317 – LevelOne FGL-2870 User Manual

VLAN Commands

4-317

4

6.

Use the show vlan private-vlan command to verify your configuration settings.

private-vlan

Use this command to create a primary or community private VLAN. Use the no form
to remove the specified private VLAN.

Syntax

private-vlan vlan-id {community | primary}
no private-vlan vlan-id

• vlan-id - ID of private VLAN. (Range: 1-4094, no leading zeroes).
• community - A VLAN in which traffic is restricted to host members in the

same VLAN and to promiscuous ports in the associate primary VLAN.

• primary - A VLAN which can contain one or more community VLANs, and

serves to channel traffic between community VLANs and other locations.

Default Setting

None

Command Mode

VLAN Configuration

Command Usage

• Private VLANs are used to restrict traffic to ports within the same community,

and channel traffic passing outside the community through promiscuous
ports. When using community VLANs, they must be mapped to an associated
“primary” VLAN that contains promiscuous ports.

• Port membership for private VLANs is static. Once a port has been assigned

to a private VLAN, it cannot be dynamically moved to another VLAN via GVRP.

• Private VLAN ports cannot be set to trunked mode. (See “switchport mode” on

page 4-301.)

Example

Console(config)#vlan database
Console(config-vlan)#private-vlan 2 primary
Console(config-vlan)#private-vlan 3 community
Console(config)#