Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Private VLAN Across Multiple Switches

Hi Sir,

I have one unit Catalyst 6513. I configured a PVLAN with VLAN 30 as primary VLAN and VLAN 31 as secondary isolated VLAN.

Ports connected to hosts are configured as follows:


interface GigabitEthernet3/1


switchport private-vlan host-association 30 31

switchport mode private-vlan host


Hosts can't talk to one another but they can communicate with the SVI (interface Vlan30).

There's a requirement to extend some hosts to another non-Cisco switch which will trunk to this Cat6513. How should I configure the trunk port on the Cat6513 to preserve the same security model as when the hosts are directly connected to the switch?



interface GigabitEthernet12/9


switchport trunk encapsulation dot1q

switchport trunk allowed vlan 30

switchport mode trunk


Allowed VLAN should be 30 or 31? Do I have to configure the command "switchport private-vlan host-association 30 31" on this trunk port?

On another note, do you know the difference between the following two commands:

(1) switchport private-vlan host-association 30 31

(2) switchport private-vlan association host 30 31

Please advise.

Thank you.


Lim TS


Re: Private VLAN Across Multiple Switches

Hi Lim,

I know that the command "switchport private-vlan host-association" is used To define a PVLAN association for an isolated or community port.

Usage Guidelines

There is no run-time effect on the port unless it is in PVLAN-host mode. If the port is in PVLAN-host mode but neither of the VLANs exist, the command is allowed but the port is made inactive.

The secondary VLAN may be an isolated or community VLAN.


This example shows how to configure a port with a primary VLAN (VLAN 18) and secondary VLAN (VLAN 20):

Router(config-if)# switchport private-vlan host-association 18 20


This example shows how to remove the PVLAN association from the port:

Router(config-if)# no switchport private-vlan host-association


Have you configured "switchport private-vlan association host 30 31" on 6513 switch.

did it accepted ?



New Member

Re: Private VLAN Across Multiple Switches

Hi Satish,

When I typed the command "sw private-vlan association host 30 31" on the Cat6513, it turns out to be "switchport private-vlan host-association 30 31" in the running-config. So I presume these two commands are equivalent.

I'm more concerned about PVLAN across multiple switches via 802.1Q trunk. Found some technotes below:

Cisco recommends the use of standard trunk ports (regular trunks)if both switches that undergo trunking support PVLANs. I doubt if the non-Cisco switch that's gonna trunk to my Cat6513 supports PVLAN.

In that case, I may need to configure PVLAN trunk. However, it's not supported on the Catalyst 6513 [IOS version 12.2(18)SXF8 - IP SERVICES]

Cat6513(config-if)#sw mod private-vlan ?

host Set the mode to private-vlan host

promiscuous Set the mode to private-vlan promiscuous

Cat6513(config-if)#sw mod private-vlan

I'm out of idea. Please help.

Thank you.


Lim TS