cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2958
Views
0
Helpful
0
Comments
TCC_2
Level 10
Level 10

Core issue

A Private VLAN (PVLAN) is a VLAN with configuration for Layer 2 (L2) isolation from other ports within the same broadcast domain or subnet.

Assign a specific set of ports within a PVLAN to control access among the ports at L2. PVLANs and normal VLANs can be configured on the same switch.

The three types of PVLAN ports are:

  • Promiscuous
  • Isolated
  • Community

Resolution

To create a PVLAN, perform these steps in privileged mode:

  1. Issue the set vlan vlan_num pvlan-type primary command to create the primary VLAN.  

  2. Issue the set vlan vlan_num pvlan-type {isolated | community} command to set the isolated or community VLAN(s).  

  3. Issue the set pvlan primary_vlan_num {isolated_vlan_num | community_vlan_num}mod/ports command to bind the isolated or community VLAN(s) to the primary VLAN, and to associate the isolated or community port(s) to the private VLAN.  

  4. Issue the set pvlan mapping primary_vlan_num {isolated_vlan_num | community_vlan_num} mod/ports command to map the isolated or community VLAN to the primary VLAN on the promiscuous port.  

  5. Issue the show pvlan [vlan_num] and show pvlan mapping commands to verify the private VLAN configuration.

       

For more information, refer to the Configure the Primary and Isolated VLANs section of Configuring Isolated Private VLANs on Catalyst Switches.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco