Chapter 10 Configuring Private Vlans; Understanding How Private Vlans Work - Cisco 6500 Series Software Configuration Manual

Configuring Private VLANs
This chapter describes how to configure private VLANs on the Catalyst 6500 series switches.
Release 12.1 E supports private VLANs with Release 12.1(11b)E and later.
For complete syntax and usage information for the commands used in this chapter, refer to the
Note
Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
This chapter consists of these sections:
•
•
•

Understanding How Private VLANs Work

Note To configure private VLANs, the switch must be in VTP transparent mode.
Private VLANs provide Layer 2 isolation between ports within the same private VLAN. There are three
types of private VLAN ports:
•
•
•
78-14099-04
Understanding How Private VLANs Work, page 10-1
Private VLAN Configuration Restrictions and Guidelines, page 10-2
Configuring Private VLANs, page 10-5
Promiscuous—A promiscuous port can communicate with all interfaces, including the community
and isolated ports within a private VLAN.
Isolated—An isolated port has complete Layer 2 separation from other ports within the same private
VLAN except for the promiscuous port. Private VLANs block all traffic to isolated ports except
traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to
promiscuous ports.
Community—Community ports communicate among themselves and with their promiscuous ports.
These interfaces are isolated at Layer 2 from all other interfaces in other communities or isolated
ports within their private VLAN.
Because trunks can support the VLANs carrying traffic between isolated, community, and
Note
promiscuous ports, isolated and community port traffic might enter or leave the switch
through a trunk interface.
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
C H A P T E R
10
10-1