Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 43 Configuring Port Security Configuring Port Security on PVLAN Ports
Figure 43-1 Port Security on Isolated Private VLAN Host Ports
[Figure labels: Layer 2 switch; Router; PC, PC; Promiscuous port; "Port security implemented on isolated VLAN host ports a and b".]

Note: Dynamic addresses secured on an isolated private VLAN host port on private VLANs are secured on the secondary VLANs, and not primary VLANs.

To configure port security on an isolated private VLAN host port, perform this task:
Step 1
  Command: Switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Switch(config)# vlan sec_vlan_id
  Purpose: Specifies a secondary VLAN.
Step 3
  Command: Switch(config-vlan)# private-vlan isolated
  Purpose: Sets the private VLAN mode to isolated.
Step 4
  Command: Switch(config-vlan)# exit
  Purpose: Returns to global configuration mode.
Step 5
  Command: Switch(config)# vlan pri_vlan_id
  Purpose: Specifies a primary VLAN.
Step 6
  Command: Switch(config-vlan)# private-vlan primary
  Purpose: Specifies the VLAN as the primary private VLAN.
Step 7
  Command: Switch(config-vlan)# private-vlan association add sec_vlan_id
  Purpose: Creates an association between a secondary VLAN and a primary VLAN.
Step 8
  Command: Switch(config-vlan)# exit
  Purpose: Returns to global configuration mode.
Step 9
  Command: Switch(config)# interface interface_id
  Purpose: Enters interface configuration mode and specifies the physical interface to configure.
Step 10
  Command: Switch(config-if)# switchport mode private-vlan host
  Purpose: Specifies that the ports with a valid private VLAN trunk association become active host private VLAN trunk ports.
Step 11
  Command: Switch(config-if)# switchport private-vlan host-association primary_vlan secondary_vlan
  Purpose: Establishes a host association on an isolated host port.
Step 12
  Command: Switch(config-if)# [no] switchport port-security
  Purpose: Enables port security on the interface.
Step 13
  Command: Switch(config-if)# end
  Purpose: Returns to privileged EXEC mode.
Step 14
  Command: Switch# show port-security address interface interface_id
           Switch# show port-security address
  Purpose: Verifies your entries.
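
The following audit script is an added example, not part of the Cisco guide. It checks saved configuration text for private VLAN host ports that missed Step 12 (port security) or whose host association points at a secondary VLAN that was never set to isolated (Steps 2 and 3). The VLAN IDs, interface names, and function names are constructed for illustration, and the input is assumed to use the one-space indentation of saved IOS configuration text.

```python
# Constructed sample configuration; VLAN IDs and interface names are made up.
SAMPLE_CONFIG = """\
vlan 200
 private-vlan primary
 private-vlan association 202
vlan 202
 private-vlan isolated
interface GigabitEthernet5/1
 switchport private-vlan host-association 200 202
 switchport mode private-vlan host
 switchport port-security
interface GigabitEthernet5/2
 switchport private-vlan host-association 200 202
 switchport mode private-vlan host
 switchport port-security maximum 2
interface GigabitEthernet5/3
 switchport private-vlan host-association 200 303
 switchport mode private-vlan host
 switchport port-security
"""

def parse_blocks(config):
    """Map each top-level line ('vlan 200', 'interface X') to its sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = blocks.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return blocks

def audit_pvlan_host_ports(config):
    """Return {interface: [findings]} for private VLAN host ports with gaps."""
    blocks, report = parse_blocks(config), {}
    for header, cmds in blocks.items():
        if "switchport mode private-vlan host" not in cmds:
            continue
        findings = []
        # Only the bare command enables the feature; 'maximum' and similar do not.
        if "switchport port-security" not in cmds:
            findings.append("port security not enabled")
        assoc = [c.split()[-2:] for c in cmds if "private-vlan host-association" in c]
        if not assoc:
            findings.append("no host association")
        elif "private-vlan isolated" not in blocks.get("vlan " + assoc[0][1], []):
            findings.append(f"secondary VLAN {assoc[0][1]} is not isolated")
        if findings:
            report[header.split()[1]] = findings
    return report
```

Calling `audit_pvlan_host_ports(SAMPLE_CONFIG)` flags GigabitEthernet5/2 and GigabitEthernet5/3 and passes GigabitEthernet5/1.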