34-10
Software Configuration Guide—Release 12.2(25)SG
OL-76590-03
Chapter34 Configuring Private VLANs
How to Configure PVLANs
This example shows how to configure interface FastEthernet 5/1 as a PVLAN trunk port, maps
VLAN0202 to VLAN0440, and configures the PVLAN trunk:
Switch# configure terminal
Switch(config)# interface fastethernet 5/1
Switch(config-if)# switchport private-vlan association trunk 202 440
Switch(config-if)# switchport mode private-vlan trunk
Switch(config-if)# end
Switch#show interfaces fastethernet 5/1 switchport
Name: Fa5/1
Switchport: Enabled
Administrative Mode: private-vlan trunk
Operational Mode: private-vlan trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Step5 Switch(config-if)# [no] switchport private-vlan
association trunk
primary_vlan_ID
secondary_vlan_ID
Configures association between primary VLANs and
secondary VLANs the PVLAN trunk port with a
PVLAN.
Note Multiple PVLAN pairs can be specified using
this command so that a PVLAN trunk port can
carry multiple secondary VLANs. If an
association is specified for the existing primary
VLAN, the existing association is replaced. If
there is no trunk association, any packets
received on secondary VLANs are dropped.
You can use the no keyword to delete all associations
from the primary VLAN.
Step6 Switch(config-if)# [no] switchport private-vlan
trunk allowed vlan
vlan_list
all | none | [add |
remove | except]
vlan_atom
[,
vlan_atom
...]
Configures a list of allowed normal VLANs on a PVLAN
trunk port.
You can use the no keyword to remove all allowed
normal VLANs on a PVLAN trunk port.
Step7 Switch(config-if)# [no] switchport private-vlan
trunk native vlan
vlan_id
Configures a VLAN to which untagged packets (as in
IEEE 802.1Q tagging) are assigned on a PVLAN trunk
port.
If there is no native VLAN configured, all untagged
packets are dropped.
If the native VLAN is a secondary VLAN and the port
does not have the association for the secondary VLAN,
the untagged packets are dropped.
You can use the no keyword to remove all native
VLANs on a PVLAN trunk port.
Step8 Switch(config-if)# end Exits configuration mode.
Step9 Switch# show interfaces {fastethernet |
gigabitethernet | tengigabitethernet}
slot
/
port
switchport
Verifies the configuration.
Command Purpose