• Download PDFs
• Creating a Private VLAN (CLI Procedure)  

• Related Topics
• Example: Configuring a Private VLAN on an EX-series Switch
• Verifying That a Private VLAN Is Working
• Understanding Private VLANs on EX-series Switches

Creating a Private VLAN (CLI Procedure)

The private VLAN (PVLAN) feature on EX-series switches allows an administrator to split a broadcast domain into multiple isolated broadcast subdomains, essentially putting a VLAN inside a VLAN.

Before you begin, make sure you set up your VLANs. See Configuring VLANs for EX-series Switches (CLI Procedure) or Configuring VLANs for EX-series Switches (J-Web Procedure).

To configure private VLANS:

1. Set the primary VLAN to have no local switching:

   Note: The primary VLAN must be a tagged VLAN.

   
   [edit vlans]
user@switch# set primary-vlan-name no-local-switching
2. For each community VLAN, configure access interfaces:

   Note: The secondary VLANs must be untagged VLANs.

   
   [edit vlans]
user@switch# set community-vlan-name interface ge-chassis/slot/port
3. For each community VLAN, set the primary VLAN:
   [edit vlans]
user@switch# set community-vlan-name primary-vlan primary-vlan-name
4. For each isolated VLAN, add the interface to the primary VLAN:
   [edit vlans]
user@switch# set primary-vlan-name interface ge-chassis/slot/port