Creating a Private VLAN

Before you begin

To create a private VLAN, you must set the VLAN type to private and set the private VLAN port type.
The ports you add to a private VLAN must have a port type of isolated, promiscuous, or trunk.

Procedure

In the navigation pane, expand the following folders: Configuration > VLAN.
Click VLANs.
In the Basic tab, click Insert.
In the Id box, enter an unused VLAN ID, or use the ID provided.
In the Name box, type the VLAN name, or use the name provided.
In the Color Identifier box, click the down arrow and choose a color from the list, or use the color provided.
In the MstpInstance box, click the down arrow and choose an msti instance from the list.
In the Type box, select private.
In the PortMembers box, click the (...) button.
Click on the ports to add as member ports.

The ports that are selected are recessed, while the non-selected ports are not recessed. Port numbers that are dimmed cannot be selected as VLAN port members.
Click OK.
In the Secondary Vlan box, enter an unused VLAN ID.
Click Insert.
Collapse the VLANs tab.

The VLAN is added to the Basic tab.

To set the port type for the private VLAN:
In the navigation pane, expand the following folders: Configuration > VLAN.
Click VLANs.
In the Classification area, select the PrivateVlanPortType.
Click Apply.
Click Close.

Basic Field Descriptions

Use the data in the following table to use the Basic tab.


Name	Description
Id	Specifies the VLAN ID in the range of 2 to 4059. VLAN ID 1 is the default VLAN and you cannot create or delete VLAN ID 1. By default, the system reserves VLAN IDs 4060 to 4094 for internal use. On switches that support the vrf-scaling and spbm-config-mode boot configuration flags, if you enable these flags, the system also reserves VLAN IDs 3500 to 3998.
Name	Specifies the name of the VLAN.
IfIndex	Specifies the logical interface index assigned to the VLAN.
Color Identifier	Specifies a proprietary color scheme to associate a color with the VLAN. Color does not affect how frames are forwarded.
Type	Specifies the type of VLAN: byPort byProtocolId spbm-bvlan private
MstpInstance	Identifies the MSTP instance.
VrfId	Indicates the Virtual Router to which the VLAN belongs.
VrfName	Indicates the name of the Virtual Router to which the VLAN belongs.
PortMembers	Specifies the slot/port of each VLAN member. The system displays the sub-port only for channelized ports.
ActiveMembers	Specifies the slot/port of each VLAN member. The system displays the sub-port only for channelized ports.
StaticMembers	Specifies the slot/port of each static member of a policy-based VLAN. The system displays the sub-port only for channelized ports.
NotAllowToJoin	Specifies the slot/ports that are never allowed to become a member of the policy-based VLAN. The system displays the sub-port only for channelized ports.
ProtocolId	Specifies the network protocol for protocol-based VLANs. This value is taken from the Assigned Numbers of remote function call (RFC). If the VLAN type is port-based, none is displayed in the Basic tab ProtocolId field.
AgingTime	Specifies the timeout period, in seconds, to age out dynamic members of this VLAN. This field only applies to policy-based VLANs. The default is 600.

Note

If you or another user changes the name of an existing VLAN using the VLAN Basic tab (or using CLI), the system does not display the new name initially in EDM. To display the updated name, perform one of the following actions:

Refresh your browser to reload EDM.
Log out of EDM and log in again to restart EDM.
Click Refresh in the VLAN Basic tab toolbar. If the system displays the old VLAN name in other tabs, click Refresh on those tabs as well.

VLAN Field Descriptions

Use the data in the following table to use the VLAN tab.


Name	Description
PrivateVlanPortType	Specifies the port type. If not specified, the port type defaults to None. Isolated: An Isolated port can belong only to one private VLAN Promiscuous: A Promiscuous port can belong to many private VLANs. Trunk: A Trunk port can belong to many private VLANs, is tagged, and can also belong to non-private VLANs.