16-14
Catalyst 3750 SwitchSoftware Configuration Guide
OL-8550-09
Chapter16 Configuring Private VLANs
Configuring Private VLANs
Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface
If the private VLAN will be used for inter-VLAN routing, you configure an SVI for the primary VLAN
and map secondary VLANs to the SVI.
Note Isolated and community VLANs are both secondary VLANs.
Beginning in privileged EXEC mode, follow these steps to map secondary VLANs to the SVI of a
primary VLAN to allow Layer 3 switching of private-VLAN traffic:
Note The private-vlan mapping interface configuration command only affects private-VLAN traffic that is
switched through Layer 3.
When you map secondary VLANs to the Layer 3 VLAN interface of a primary VLAN, note this syntax
information:
The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-separated
items. Each item can be a single private-VLAN ID or a hyphenated range of private-VLAN IDs.
Enter a secondary_vlan_list, or use the add keyword with a secondary_vlan_list to map the
secondary VLANs to the primary VLAN.
Use the remove keyword with a secondary_vlan_list to clear the mapping between secondary
VLANs and the primary VLAN.
This example shows how to map the interfaces of VLANs 501 and 502 to primary VLAN 10, which
permits routing of secondary VLAN ingress traffic from private VLANs 501 to 502:
Switch# configure terminal
Switch(config)# interface vlan 10
Switch(config-if)# private-vlan mapping 501-502
Switch(config-if)# end
Switch# show interfaces private-vlan mapping
Interface Secondary VLAN Type
--------- -------------- -----------------
vlan10 501 isolated
vlan10 502 community
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface vlan primary_vlan_id Enter interface configuration mode for the primary VLAN, and configure
the VLAN as an SVI. The VLAN ID range is 2 to 1001 and 1006 to 4094.
Step3 private-vlan mapping [add | remove]
secondary_vlan_list
Map the secondary VLANs to the Layer 3 VLAN interface of a primary
VLAN to allow Layer 3 switching of private-VLAN ingress traffic.
Step4 end Return to privileged EXEC mode.
Step5 show interface private-vlan mapping Verify the configuration.
Step6 copy running-config startup config (Optional) Save your entries in the switch startup configuration file.