VLANs involved:
- Primary
- Secondary
Secondary VLAN Types:
- Isolated
- Community
Port Types:
- Promiscuous
- Isolated
- Community
! Private VLANs require Transparent Mode VTP
SW2(config)#vtp mode transparent
! Create the Community secondary VLANs
SW2(config)#vlan 500
SW2(config-vlan)#private-vlan community
SW2(config-vlan)#exit
SW2(config)#vlan 400
SW2(config-vlan)#private-vlan community
SW2(config-vlan)#exit
SW2(config)#vlan 400
SW2(config-vlan)#private-vlan community
SW2(config-vlan)#exit
! Create the Isolated secondary VLAN
SW2(config)#vlan 200
SW2(config-vlan)#private-vlan isolated
SW2(config-vlan)#exit
! Create the Primary VLAN
SW2(config)#vlan 100
SW2(config-vlan)#private-vlan primary
! Associate all the secondary VLANs to this Primary VLAN
SW2(config-vlan)#private-vlan association 200,300,400,500
SW2(config-vlan)#exit
! Specify the Promiscuous port
SW2(config)#interface fas 0/11
SW2(config-if)#switchport mode private-vlan promiscuous
! Specify the Primary VLAN #, followed by the Secondaries
SW2(config-if)#switchport private-vlan mapping 100 200,300,400,500
SW2(config-if)#exit
! Place a couple interfaces in the Isolated VLAN
SW2(config)#interface range fas 0/12-13
SW2(config-if)#switchport mode private-vlan host
! List the Primary VLAN then Secondary (Isolated) VLAN
SW2(config-if)#switchport private-vlan host-association 100 200
! Add a port to Community VLAN 300
SW2(config)#interface fas 0/14
SW2(config-if)#switchport mode private-vlan host
SW2(config-if)#switchport private-vlan host-association 100 300
! Add a port to Community VLAN 400
SW2(config)#interface fas 0/15
SW2(config-if)#switchport mode private-vlan host
SW2(config-if)#switchport private-vlan host-association 100 400
! To Verify use:
SW2#show vlan private vlan
SW2#show int fas 0/11 switchport
