Private-vlan 4-256 private vlan association – Accton Technology Edge-corE Fast Ethernet Switch ES3528M-SFP User Manual

Command Line Interface

4-256

4

private-vlan

Use this command to create a primary, community, or isolated private VLAN. Use
the no form to remove the specified private VLAN.

Syntax

private-vlan vlan-id {community | primary | isolated}
no private-vlan vlan-id

• vlan-id - ID of private VLAN. (Range: 1-4092, no leading zeroes).
• community - A VLAN in which traffic is restricted to host members in the

same VLAN and to promiscuous ports in the associate primary VLAN.

• primary - A VLAN which can contain one or more community VLANs, and

serves to channel traffic between community VLANs and other locations.

• isolated – Specifies an isolated VLAN. Ports assigned to an isolated VLAN

can only communicate with the promiscuous port within their own VLAN.

Default Setting

None

Command Mode

VLAN Configuration

Command Usage

• Private VLANs are used to restrict traffic to ports within the same community

or isolated VLAN, and channel traffic passing outside the community through
promiscuous ports. When using community VLANs, they must be mapped to
an associated “primary” VLAN that contains promiscuous ports. When using
an isolated VLAN, it must be configured to contain a single promiscuous port.

• Port membership for private VLANs is static. Once a port has been assigned

to a private VLAN, it cannot be dynamically moved to another VLAN via GVRP.

• Private VLAN ports cannot be set to trunked mode. (See “switchport mode” on

page 4-245.)

Example

private vlan association

Use this command to associate a primary VLAN with a secondary (i.e., community)
VLAN. Use the no form to remove all associations for the specified primary VLAN.

Syntax

private-vlan primary-vlan-id association {secondary-vlan-id |

add secondary-vlan-id | remove secondary-vlan-id}

Console(config)#vlan database
Console(config-vlan)#private-vlan 2 primary
Console(config-vlan)#private-vlan 3 community
Console(config)#