Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

how to create a private vlan in cisco switch 2960

i want to create a private vlan in switch 2960 >no body can access to it and no sharing file between this vlan and anther please help me by steps

New Member

Re: how to create a private vlan in cisco switch 2960

Correct me if I am wrong (and I am sure some one will !!), but I think Cisco describe a private VLAN as one where all the ports in the VLAN can only communicate with one (server) port, and not each other. I suspect that what you need is a VLAN where all the members can talk to each other, but no-one can communicate in or out of this VLAN?

If that is correct, then all you need to do is create the VLAN on this switch only, and exclude it from the VLAN trunk. Depending on how many VLANs you have, either configure the trunk to allow all the VLANs except the one you want to be private, or create a vlan-list and use that to exclude the private one. As the 2960 is not L3, no-one should now have the ability to access it other than ports on this same switch that are configured to access it.

Hope that helps.

Re: how to create a private vlan in cisco switch 2960

Hi Ashraf,

You are using the cisco 2960 switch so it cannot support your requirement.

Let me explain a bit more about private-vlans.

You can use a private-vlan edge,protected port to prevent the protected port from talking to the other protected ports within the same vlan.

F.E. f0/1 and f0/2 are in the same vlan on a switch. Configuring them by using protected port features. f0/1 cannot now talk to f0/2 and vise versa.

Keep that in mind,Protected port will perfectly work on a local switch.It will not work between switches because traffics from the trunk port can talk to the protected ports .If you want to use a real private-vlans through the entire network I would tell you to use cisco 3560 or cisco 3750 or higher model because they can use "PRIVATE VLAN or PVLAN". PVLAN needs more explanations as well. ;-)

please check this link out :

Hopes this helps