Which IOS configuration command is required to configure a VLAN as a private VLAN?

Last Updated on August 1, 2021 by Admin 2

Which IOS configuration command is required to configure a VLAN as a private VLAN?

  • switch(config-vlan)# private-vlan common
  • switch(config-vlan)# private-vlan private
  • switch(config-vlan)# private-vlan primary
  • switch(config-vlan)# private-vlan transparent
Explanation:

Private VLANs (PVLANs) are created using the following special VLAN configuration commands:

switch(config)# vlan vlan_id
switch(config-vlan)# private-vlan [primary | isolated | community]
switch(config-vlan)# private-vlan association secondary_vlan_list

There are three types of ports in a PVLAN: promiscuous, isolated, and community. A promiscuous port can send and receive frames with other promiscuous, isolated, or community ports assigned to the same private VLAN. The interface on the switch that is the default gateway for the segment should be a promiscuous port. Isolated ports are able to send frames to promiscuous ports, but not to each other. A community port can communicate with other community ports of the same private VLAN or with promiscuous ports.

Private VLANs are supported on switches that allow the configuration of primary and secondary VLANs. A primary VLAN carries the traffic between the promiscuous port and the isolated and community ports assigned to the same primary VLAN. There are two types of secondary VLANs: isolated and community. Isolated VLANs carry traffic from isolated ports to promiscuous ports. Community VLANs carry traffic between community ports and to the promiscuous port.

Ports are defined using the following special PVLAN configuration command:

switch(config-if)# switchport mode private-vlan [promiscuous | host]

The command used for isolated and community ports is as follows:

switch(config-if)# switchport private-vlan host-association primary_vlan_id secondary_vlan_id

The following command syntax is used to configure a promiscuous port’s primary and secondary VLANs:

switch(config-if)# switchport private-vlan mapping primary_vlan_id secondary_vlan_id
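
The forwarding rules above can be checked against a configuration before it is deployed. The following Python sketch is an added example, not part of the original explanation: it parses a small PVLAN configuration and reports whether two ports on the same switch can exchange frames. The VLAN IDs, interface names and sample configuration are constructed; the parser expects the `switchport private-vlan host-association` and `switchport private-vlan mapping` interface forms, and it treats community ports as reachable only within the same community VLAN.

```python
# Constructed sample config (not from the page): primary VLAN 100,
# isolated VLAN 101, community VLAN 102.
CONFIG = """\
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 101,102
interface Gi0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
interface Gi0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface Gi0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface Gi0/4
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
interface Gi0/5
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
"""

def parse(config):
    """Return {port: (role, primary_vlan, secondary_vlans)} from the config text."""
    vtype, raw, ctx = {}, {}, ("", "")
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        if not line.startswith(" "):
            ctx = (w[0], w[1])  # ("vlan", "101") or ("interface", "Gi0/1")
        elif ctx[0] == "vlan" and w[:1] == ["private-vlan"] and w[1] != "association":
            vtype[ctx[1]] = w[1]
        elif ctx[0] == "interface" and w[2:3] in (["mapping"], ["host-association"]):
            raw[ctx[1]] = (w[2], w[3], w[4])
    return {p: ("promiscuous" if kind == "mapping" else vtype[sec], pri, set(sec.split(",")))
            for p, (kind, pri, sec) in raw.items()}

def can_talk(ports, a, b):
    """Apply the PVLAN forwarding rules to two ports on one switch."""
    (ra, pa, sa), (rb, pb, sb) = ports[a], ports[b]
    if pa != pb:
        return False
    if "promiscuous" in (ra, rb):  # host reaches it only if its secondary VLAN is mapped
        return ra == rb or (sa <= sb if rb == "promiscuous" else sb <= sa)
    # isolated never reaches other hosts; community needs the same community VLAN
    return ra == rb == "community" and sa == sb
```

Running `can_talk` over every host/gateway pair catches the common mistake of leaving a secondary VLAN out of the promiscuous port's mapping, which silently cuts those hosts off from their default gateway.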

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify switch security features
