12-14
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Chapter 12 Configuring Private VLANs
Configuring Private VLANs
Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface
If the switch is running the metro IP access image and the private VLAN will be used for inter-VLAN
routing, you configure an SVI for the primary VLAN and map secondary VLANs to the SVI.
Note Isolated and community VLANs are both secondary VLANs.
Beginning in privileged EXEC mode, follow these steps to map secondary VLANs to the SVI of a
primary VLAN to allow Layer 3 switching of private-VLAN traffic:
Note The private-vlan mapping interface configuration command only affects private-VLAN traffic that is
switched through Layer 3.
When you map secondary VLANs to the Layer 3 VLAN interface of a primary VLAN, note this syntax
information:
The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-sep arated
items. Each item can be a single private-VLAN ID or a hyphenated range of private-VLAN IDs.
Enter a secondary_vlan_list, or use the add keyword with a secondary_vlan_list to map the
secondary VLANs to the primary VLAN.
Use the remove keyword with a secondary_vlan_list to clear the mapping between secondary
VLANs and the primary VLAN.
This example shows how to map the interfaces of VLANs 501 and 502 to primary VLAN 10, which
permits routing of secondary VLAN incoming traffic from private VLANs 501 to 502:
Switch# configure terminal
Switch(config)# interface vlan 10
Switch(config-if)# private-vlan mapping 501-502
Switch(config-if)# end
Switch# show interfaces private-vlan mapping
Interface Secondary VLAN Type
--------- -------------- -----------------
vlan10 501 isolated
vlan10 502 community
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 interface vlan primary_vlan_id Enter interface configuration mode for the primary
VLAN, and configure the VLAN as an SVI. The VLAN
ID range is 2 to 1001 and 1006 to 4094.
Step 3 private-vlan mapping [add | remove]
secondary_vlan_list Map the secondary VLANs to the Layer 3 VLAN
interface of a primary VLAN to allow Layer 3 switching
of private-VLAN incoming traffic.
Step 4 end Return to privileged EXEC mode.
Step 5 show interface private-vlan mapping Verify the configuration.
Step 6 copy running-config startup config (Optional) Save your entries in the switch startup
configuration file.