The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
Private VLANs (PVLANs) are used to segregate Layer 2 ISP traffic and convey it to a single router interface. PVLANs achieve device isolation by applying Layer 2 forwarding constraints that allow end devices to share the same IP subnet while being Layer 2 isolated. In turn, the use of larger subnets reduces address management overhead.
For more information about PVLANs, see the Cisco Nexus 1000V Layer 2 Switching Configuration Guide.
1. switch# configure terminal
2. switch(config)# port-profile [type {ethernet | vethernet}] name
3. switch(config-port-prof)# switchport mode private-vlan {host| promiscuous|trunk promiscuous}
4. switch(config-port-prof)# switchport private-vlan host-association primary-vlan secondary-vlan
5. switch(config-port-prof)# switchport private-vlan trunk allowed vlan vlan-range
6. switch(config-port-prof)# switchport private-vlan mapping primary_vlan [add | remove] secondary_vlan
7. switch(config-port-prof)# switchport private-vlan mapping trunk primary_vlan [add | remove] secondary_vlan
8. (Optional) switch(config-port-prof)# show port-profile [brief | expand-interface | usage] [name profile-name]
9. (Optional) switch(config-port-prof)# copy running-config startup-config
The following examples show different ways that port profiles can be configured as private VLANs.
switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. switch(config)# port-profile type vethernet pvcomm switch(config-port-prof)# vmware port-group switch(config-port-prof)# switchport mode private-vlan host switch(config-port-prof)# switchport private-vlan host-association 153 154 switch(config-port-prof)# no shutdown switch(config-port-prof)# state enabled switch(config-port-prof)# show run port-profile pv154 !Command: show running-config port-profile pv154 !Time: Fri Jan 7 15:10:43 2011 version 4.2(1)SV1(4) port-profile type vethernet pv154 vmware port-group switchport mode private-vlan host switchport private-vlan host-association 153 154 no shutdown max-ports 1024 state enabled switch(config-port-prof)# port-profile type vethernet pvprom switch(config-port-prof)# vmware port-group switch(config-port-prof)# switchport mode private-vlan promiscuous switch(config-port-prof)# switchport private-vlan mapping 153 154-155 switch(config-port-prof)# no shutdown switch(config-port-prof)# state enabled switch(config-port-prof)# show run port-profile pvprom !Command: show running-config port-profile pvprom !Time: Fri Jan 7 15:11:43 2011 version 4.2(1)SV1(4) port-profile type vethernet pv153 vmware port-group switchport mode private-vlan promiscuous switchport private-vlan mapping 153 154-155 no shutdown max-ports 1024 state enabled switch(config-port-prof)# port-profile type ethernet pvpromtrunk switch(config-port-prof)# vmware port-group switch(config-port-prof)# switchport mode private-vlan trunk promiscuous switch(config-port-prof)# switchport private-vlan mapping trunk 153 154-155 switch(config-port-prof)# switchport private-vlan mapping trunk 156 157 switch(config-port-prof)# switchport private-vlan trunk allowed vlan all switch(config-port-prof)# no shutdown switch(config-port-prof)# state enabled switch(config-port-prof)# show run port-profile pvpromtrunk !Command: show running-config port-profile pvpromtrunk !Time: Fri Jan 7 15:12:24 2011 version 4.2(1)SV1(4) port-profile type ethernet pvpromtrunk vmware port-group switchport mode private-vlan trunk promiscuous switchport private-vlan mapping trunk 153 154-155 switchport private-vlan mapping trunk 156 157 switchport private-vlan trunk allowed vlan 1-3967,4048-4093 no shutdown state enabled
Feature Name |
Release |
Feature Information |
---|---|---|
Private VLAN Port Profiles |
4.0(4)SV1(1) |
This feature was introduced. |