Which IOS interface configuration command is required to configure a switch port to be a promiscuous PVLAN access port?
A. switchport mode promiscuous
B. switchport mode promiscuous-vlan
C. switchport mode private-vlan host
D. switchport mode private-vlan promiscuous
Correct Answer: D
Explanation/Reference:
Answer:
A promiscuous port type can send frames to all other ports in the same private VLAN (PVLAN). The switchport mode private-vlan promiscuous command configures a port to be a promiscuous port. The syntax is as follows:
switch(config-if)# switchport mode private-vlan promiscuous
There are three types of ports in a private VLAN (PVLAN): promiscuous, isolated, and community. A promiscuous port can send and receive frames with other promiscuous, isolated, or community ports assigned to the same private VLAN.
Isolated ports are able to send frames to promiscuous ports, but not to each other. A community port can communicate with other community ports of the same private VLAN or with promiscuous ports.
Private VLANs are supported on switches that allow the configuration of primary and secondary VLANs. A primary VLAN carries the traffic between the promiscuous port and the isolated and community ports assigned to the same primary
VLAN. There are two types of secondaryVLANs, isolated and community. Isolated VLANs carry traffic from isolated ports to promiscuous ports. Community VLANs carry traffic between community ports and to the promiscuous port.
Therefore, on a promiscuous port, you would use the following command syntax to configure its primary and secondary VLANs: switch(config-if)# private-vlan mapping primary_vlan_id secondary_vlan_id PVLANs are created using the following special VLAN configuration commands:
switch(config)# vlan vlan_id
switch(config-vlan)# private-vlan [primary | isolated | community] switch(config-vlan)# private-vlan association secondary_vlan_list
Host ports are defined using the following special PVLAN configuration command: switch(config-if)# switchport mode private-vlan host
The command used for isolated and community ports is as follows:
switch(config-if)# switchport mode private-vlan host-association primary_vlan_id secondary_vlan_id
Objective:
Infrastructure Security Sub-Objective:
Configure and verify switch security features
References:
Cisco > Home > Support > Product Support > End-of-Sale and End-of-Life Products > Cisco Catalyst 6000 Series Switches > Configure > Configuration Examples and Technotes > Securing Networks with Private VLANs and VLAN Access Control Lists
Cisco > Cisco IOS Interface and Hardware Component Command Reference > switchport mode
Explanation/Reference:
Answer:
A promiscuous port type can send frames to all other ports in the same private VLAN (PVLAN). The switchport mode private-vlan promiscuous command configures a port to be a promiscuous port. The syntax is as follows:
switch(config-if)# switchport mode private-vlan promiscuous
There are three types of ports in a private VLAN (PVLAN): promiscuous, isolated, and community. A promiscuous port can send and receive frames with other promiscuous, isolated, or community ports assigned to the same private VLAN.
Isolated ports are able to send frames to promiscuous ports, but not to each other. A community port can communicate with other community ports of the same private VLAN or with promiscuous ports.
Private VLANs are supported on switches that allow the configuration of primary and secondary VLANs. A primary VLAN carries the traffic between the promiscuous port and the isolated and community ports assigned to the same primary
VLAN. There are two types of secondaryVLANs, isolated and community. Isolated VLANs carry traffic from isolated ports to promiscuous ports. Community VLANs carry traffic between community ports and to the promiscuous port.
Therefore, on a promiscuous port, you would use the following command syntax to configure its primary and secondary VLANs: switch(config-if)# private-vlan mapping primary_vlan_id secondary_vlan_id PVLANs are created using the following special VLAN configuration commands:
switch(config)# vlan vlan_id
switch(config-vlan)# private-vlan [primary | isolated | community] switch(config-vlan)# private-vlan association secondary_vlan_list
Host ports are defined using the following special PVLAN configuration command: switch(config-if)# switchport mode private-vlan host
The command used for isolated and community ports is as follows:
switch(config-if)# switchport mode private-vlan host-association primary_vlan_id secondary_vlan_id
Objective:
Infrastructure Security Sub-Objective:
Configure and verify switch security features
References:
Cisco > Home > Support > Product Support > End-of-Sale and End-of-Life Products > Cisco Catalyst 6000 Series Switches > Configure > Configuration Examples and Technotes > Securing Networks with Private VLANs and VLAN Access Control Lists
Cisco > Cisco IOS Interface and Hardware Component Command Reference > switchport mode
