39-8
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 39 Configuring Private VLANs
About Private VLANs
PVLAN Modes Over Gigabit Etherchannel
Beginning with Cisco IOS Release 15.0(2)SG you can configure PVLAN modes over Etherchannel.
These new modes are:
Host mode - Isolated, Community and 2-way community
Promiscuous mode
Secondary Isolated trunks
Promiscuous trunks
The process of bundling ports has not changed. PVLAN modes are added to already existing modes such
as access, trunk, routed, tunneled etc.
Feature interactions include:
A primary VLAN can be associated with multiple community and twoway-community VLANs, but
only one isolated VLAN.
An isolated or community VLAN or 2-way community VLAN can be associated with only one
primary VLAN.
If you delete a VLAN used in a PVLAN configuration, the PVLAN ports associated with the VLAN
become inactive.
The default native VLAN for promiscuous trunk port is VLAN 1 (management VLAN). All
untagged packets are forwarded in the native VLAN. Either the primary VLANs or a regular VLAN
can be configured as the native VLAN.
No default native VLAN set exists on an isolated secondary trunks. All untagged packets are
dropped, if no native VLAN is configured.
Community and twoway-community VLANs cannot be propagated or carried over PVLAN trunks.
For IGMP Snooping, IGMP reports are learned on the primary VLAN and the platform decides if
packet must be forwarded in the primary or secondary VLANs.
For details on configuring PVLANs over EtherChannel, Refer to the section “Configuring PVLAN over
EtherChannel” section on page 39-24.
Private-VLAN Interaction with Other Features
PVLANs have specific interaction with some other features, described in these sections:
PVLANs and VLAN ACL/QoS, page 39-8
PVLANs and Unicast, Broadcast, and Multicast Traffic, page 39-9
PVLANs and SVIs, page 39-10
Per-Virtual Port Error-Disable on PVLANs, page 39-10
For details, see the section “PVLAN Configuration Guidelines and Restrictions” on page 12.

PVLANs and VLAN ACL/QoS

PVLAN ports use primary and secondary VLANs, as follows:
A packet received on a PVLAN host port belongs to the secondary VLAN.