Create a Private VLAN
About this task
You can create a private VLAN and set the port type. The primary and secondary VLAN IDs are associated with the same MTSI, the secondary VLAN inherits the primary VLAN configuration. You cannot create another VLAN with the same VLAN ID as the secondary VLAN. The secondary VLAN cannot be any other type of VLAN other than a secondary VLAN.
Procedure
-
Enter GigabitEthernet Interface
Configuration mode:
interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}
Note
If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
-
Set the port type:
private-vlan <isolated|promiscuous|trunk}
Note
If the port is a member of an MLT, the port inherits the private VLAN port type of the MLT.
Example
Switch:1> enable
Switch:1# configure terminal
Switch:1(config)# vlan create 2 type pvlan-mstprstp 6 secondary 5
Switch:1(config)# interface gigabitethernet 1/36
Switch:1(config-if)# private-vlan isolated
Switch:1(config-if)# exit
Switch:1(config)# interface vlan 2
Switch:1(config-if)# vlan members add 2 1/36
Variable Definitions
Use the data in the following table to use the vlan create command.
|
Variable |
Value |
|---|---|
|
<2-4059> |
Specifies the VLAN ID in the range of 2 to 4059. VLAN ID 1 is the default VLAN and you cannot create or delete VLAN ID 1. By default, the system reserves VLAN IDs 4060 to 4094 for internal use. On switches that support the vrf-scaling and spbm-config-mode boot configuration flags, if you enable these flags, the system also reserves VLAN IDs 3500 to 3998. |
|
name WORD<0-64> |
Specifies the VLAN name. The name attribute is optional. |
|
type pvlan-mstprstp <0-63> |
Creates a private VLAN by port. The variable <0-63> is the STP instance ID from 0 to 63. Note:
MSTI instance 62 is reserved for SPBM if SPBM is enabled on the switch. |
|
secondary<2-4059> |
Specifies the VLAN ID in the range of 2 to 4059. VLAN ID 1 is the default VLAN and you cannot create or delete VLAN ID 1. By default, the system reserves VLAN IDs 4060 to 4094 for internal use. On switches that support the vrf-scaling and spbm-config-mode boot configuration flags, if you enable these flags, the system also reserves VLAN IDs 3500 to 3998. |
Use the data in the following table to use the private vlan port type command.
|
Variable |
Value |
|---|---|
|
<isolated|promiscuous|trunk} |
Specifies the port type. If not specified, the port type defaults to None.
|
|
no private-vlan |
Port defaults to type None. |
|
default private-vlan |
Port defaults to type None. |
Note
If there are other non-private VLANs using the defined port, the following message is displayed: All non private VLANs using this interface will be removed once this port becomes a member of a private VLAN. Ports with private-vlan type of isolated or promiscuous may only contain private VLANs. Do you wish to continue (y/n) ?
Use the data in the following table to use the interface vlan and vlan members add commands.
|
Variable |
Value |
|---|---|
|
<1-4059> |
Specifies the VLAN ID in the range of 1 to 4059. By default, VLAN IDs 1 to 4059 are configurable and the system reserves VLAN IDs 4060 to 4094 for internal use. On switches that support the vrf-scaling and spbm-config-mode boot configuration flags, if you enable these flags, the system also reserves VLAN IDs 3500 to 3998. VLAN ID 1 is the default VLAN and you cannot create or delete VLAN ID 1. |