18-11
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 18 Configuring Private VLANs Configuring Private VLANs
Switch(config-vlan)# end
Switch(config)# show vlan private vlan
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
20 501 isolated
20 502 community
20 503 community
20 504 non-operational
Configuring a Layer 2 Interface as a Private-VLAN Host Port
Beginning in privileged EXEC mode, follow these steps to configure a Layer 2 interface as a
private-VLAN host port and to associate it with primary and secondary VLANs:
Note Isolated and community VLANs are both secondary VLANs.
This example shows how to configure an interface as a private-VLAN host port, associate it with a
private-VLAN pair, and verify the configuration:
Switch# configure terminal
Switch(config)# interface gigabitethernet1/0/22
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 20 501
Switch(config-if)# end
Switch# show interfaces gigabitethernet1/0/22 switchport
Name: Gi1/0/22
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: private-vlan host
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: 20 501
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 interface interface-id Enter interface configuration mode for the Layer 2
interface to be configured.
Step 3 switchport mode private-vlan host Configure the Layer 2 port as a private-VLAN host port.
Step 4 switchport private-vlan host-association
primary_vlan_id secondary_vlan_id
Associate the Layer 2 port with a private VLAN.
Step 5 end Return to privileged EXEC mode.
Step 6 show interfaces [interface-id] switchport Verify the configuration.
Step 7 copy running-config startup config (Optional) Save your entries in the switch startup
configuration file.