vlan private-vlan


vlan <PRIMARY-VLAN-ID> private-vlan 
  [primary | isolated <VLAN-ID> | community <VLAN-ID-LIST>]

no vlan <PRIMARY-VLAN-ID> private-vlan 
  [primary | isolated <VLAN-ID> | community <VLAN-ID-LIST>]


Creates new private VLAN or changes an existing VLAN into a private VLAN.

The no form of the command removes secondary VLANs from the configuration or removes the PVLAN from the configuration by reconfiguring the primary VLAN as a regular VLAN.

Command context

Required context: config



Specifies the VLAN ID of the primary VLAN in the PVLAN.


Specifies that <PRIMARY-VLAN-ID> is the primary VLAN in a PVLAN.

isolated <VLAN-ID>

Specifies an isolated VLAN in the PVLAN, where <VLAN-ID> is the VLAN ID of the isolated VLAN.

community <VLAN-ID-LIST>

Specifies one or more community VLANs in the PVLAN, where <VLAN-ID-LIST> contains the VLAN IDs of the community VLANs. Separate individual VLAN IDs with commas. Specify ranges of VLAN IDs with hyphens.


The no form of this command removes the PVLAN configuration as follows:

  • When used with the isolated or community parameter, removes the secondary VLAN from the configuration and assigns any ports to the default VLAN (VLAN 1).

  • When used without the isolated or community parameters, removes the private VLAN configuration from the configuration and converts the primary VLAN into a regular VLAN.


The following example configures a PVLAN with primary VLAN 300, isolated VLAN 301, community VLAN 302, and community VLAN 303:

switch(config)# vlan 300 private-vlan primary 
switch(config)# vlan 300 private-vlan isolated 301
switch(config)# vlan 300 private-vlan community 302-303