INTERFACE VLAN mode
private-vlan mapping secondary-vlan vlan-list
The list of secondary VLANs can be:
• Specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-ID-
VLAN-ID).
• Specified with this command even before they have been created.
• Amended by specifying the new secondary VLAN to be added to the list.
5. Add promiscuous ports as tagged or untagged interfaces.
INTERFACE VLAN mode
tagged interface or untagged interface
Add PVLAN trunk ports to the VLAN only as tagged interfaces.
You can enter interfaces singly or in range format, either comma-delimited (slot/
port,port,port
) or hyphenated (slot/port-port).
You can only add promiscuous ports or PVLAN trunk ports to the PVLAN (no host or regular ports).
6. (OPTIONAL) Assign an IP address to the VLAN.
INTERFACE VLAN mode
ip address ip address
7. (OPTIONAL) Enable/disable Layer 3 communication between secondary VLANs.
INTERFACE VLAN mode
ip local-proxy-arp
NOTE: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the
same VLAN, the packet is NOT dropped.
Creating a Community VLAN
A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN.
The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary
VLAN.
1. Access INTERFACE VLAN mode for the VLAN that you want to make a community VLAN.
CONFIGURATION mode
interface vlan vlan-id
2. Enable the VLAN.
INTERFACE VLAN mode
no shutdown
3. Set the PVLAN mode of the selected VLAN to community.
INTERFACE VLAN mode
private-vlan mode community
4. Add one or more host ports to the VLAN.
702
Private VLANs (PVLAN)