| Exam 400-101 | Question id=1289 | Layer 2 Technologies |
You issue the show vlan private-vlan command on SwitchA and receive the following partial output:
SwwitchA# show vlan private-vlan
Primary Secondary Type Ports
------- --------- ---------- --------
30 10 isolated Fa0/1, Fa0/2, Fa0/6
30 20 community Fa0/1, Fa0/3, Fa0/4
30 40 community Fa0/1, Fa0/5
You are going to create secondary VLAN 50 and associate it with primary VLAN 30.
Which of the following commands should you issue in VLAN configuration mode for VLAN 50?
| A. |
private-vlan community | |
| B. |
private-vlan isolated | |
| C. |
private-vlan primary | |
| D. |
private-vlan secondary | |
| E. |
private-vlan association 30 | |
| F. |
private-vlan association add 30 |
You should issue the private-vlan community command in virtual LAN (VLAN) configuration mode for VLAN 50. The private-vlan community command configures a VLAN to be a community secondary VLAN.
A private VLAN (PVLAN) provides separation between ports that belong to the same VLAN. Because the separation exists at Layer 2, the hosts can exist on the same IP subnet. The VLAN to which the hosts belong is called the primary VLAN. To configure a VLAN as a primary VLAN, you should issue the private-vlan primary command. You should not issue the private-vlan primary command for VLAN 50, because doing so would make VLAN 50 a primary VLAN, not a secondary VLAN.
To create a PVLAN, you must create secondary VLANs and associate them with the primary VLAN. There are two types of secondary VLANs: community VLANs and isolated VLANs. Ports that belong to a community VLAN can communicate with promiscuous ports and with other ports that belong to the same community.
However, they cannot communicate with isolated ports or with ports that belong to other communities. To configure a VLAN as a community VLAN, you should issue the private-vlan community command.
Ports that belong to an isolated VLAN can communicate with only promiscuous ports. To configure a VLAN as an isolated VLAN, you should issue the private-vlan isolated command. Only one isolated VLAN can be associated with a primary VLAN. Therefore, you should not issue the privatevlan isolated command for VLAN 50, because VLAN 10 is configured as an isolated VLAN and is associated with primary VLAN 30. If VLAN 10 did not exist, you could configure VLAN 50 as an isolated VLAN and associate it with primary VLAN 30.
You should not issue the private-vlan secondary command for VLAN 50. The private-vlan secondary command uses incorrect syntax; therefore, issuing this command will generate an error.
You should not issue the private-vlan association 30 command or the private-vlan association add 30 command for VLAN 50. The privatevlan association command associates the primary VLAN with one or more secondary VLANs; this command should be issued in VLAN configuration mode for the primary VLAN. Therefore, the private-vlan association command should not be issued for VLAN 50; it should be issued for VLAN 30. Issuing the private-vlan association 50 command for VLAN 30 would associate only secondary VLAN 50 with primary VLAN 30, but doing so would remove the existing secondary VLAN associations for VLAN 30. Issuing the private-vlan association add 50 command for VLAN 30 would add secondary VLAN 50 to the list of existing secondary VLANs that are associated with VLAN 30.