templateis configured, usethe sdm preferdefault global configuration command to set the default
template.
Secondary and Primary VLAN ConfigurationFollowthese guidelines when configuringprivate VLANs:
•Ifthe switch is running VTP version 1 or 2, you must set VTP to transparent mode. After you configure
aprivate VLAN, you should not change the VTP mode to client or server. VTP version 3 supports private
VLANsin allmodes.
•WithVTP version 1 or 2, after you have configured private VLANs, use the copy running-config
startupconfig privileged EXEC command to save the VTP transparent mode configuration and
private-VLANconfiguration in the switchstartup configuration file. Otherwise,if the switchresets, it
defaultsto VTP server mode, which does not support privateVLANs. VTP version 3 does support
privateVLANs.
•VTPversion 1 and 2 do not propagate private-VLAN configuration. You must configure private VLANs
oneach device where you want private-VLAN ports unless the devices are running VTP version 3.
•Youcannot configure VLAN 1 or VLANs 1002 to 1005 as primary or secondary VLANs. Extended
VLANs(VLAN IDs 1006 to 4094) can belong to privateVLANs.
•Aprimary VLAN can have one isolated VLAN and multiple community VLANs associated with it. An
isolatedor community VLAN can have only one primary VLAN associated with it.
•Althougha private VLAN contains more than one VLAN, only one Spanning Tree Protocol (STP)
instanceruns for the entire private VLAN. When a secondary VLAN is associated with the primary
VLAN,the STP parameters of the primary VLAN are propagated to the secondary VLAN.
•Youcan enable DHCP snooping on private VLANs. When you enable DHCP snooping on the primary
VLAN,it is propagatedto thesecondary VLANs. If you configure DHCP on a secondary VLAN, the
configurationdoes not take effect if the primary VLAN is already configured.
•Whenyou enable IP source guard on private-VLAN ports, you must enable DHCP snooping on the
primaryVLAN.
•Werecommend that you prune the private VLANs from the trunks on devices that carry no traffic in
theprivate VLANs.
•Youcan apply different quality of service (QoS) configurations to primary, isolated, and community
VLANs.
•Notethe following considerations for sticky ARP:
◦StickyARP entries are those learned on SVIs and Layer 3 interfaces. These entries do not age out.
◦Theip sticky-arpglobal configuration command is supported only on SVIs belonging to private
VLANs.
◦Theip sticky-arpinterface configuration command isonly supportedon:
◦Layer3 interfaces
◦SVIsbelonging to normalVLANs
◦SVIsbelonging toprivate VLANs
Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1
84 OL-29440-01
Configuring Private VLANs
Secondary and Primary VLAN Configuration