You are on page 1of 4

Private VLAN Catalyst Switch Support Matrix

Document ID: 10584
Introduction Prerequisites Requirements Components Used Conventions Support for the PVLAN Feature in Cisco Catalyst Switches NetPro Discussion Forums − Featured Conversations Related Information

Introduction
Private VLANs (PVLANs) provide Layer (L2) isolation between ports within the same VLAN. The table in this document summarizes the support of the PVLAN feature in Cisco Catalyst switches. Refer to Securing Networks with Private VLANs and VLAN Access Control Lists for more information on how to understand and implement networks that use PVLANs. Click on the Catalyst switch in the table in this document. This will provide the step−by−step configuration guide on how to configure PVLANs on specific Catalyst switches.

Prerequisites
Requirements
There are no specific requirements for this document.

Components Used
This document is not restricted to specific software and hardware versions.

Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.

Support for the PVLAN Feature in Cisco Catalyst Switches
This table provides information about the PVLAN feature support in Cisco Catalyst switches: PVLAN Supported Minimum Software Version 5.4(1) on Supervisor and

Catalyst Platform

Isolated VLAN Yes

PVLAN Edge Community (Protected Port) VLAN Not Supported Yes

Catalyst 6500/6000 − Hybrid mode

1(4)EA1 Supported onwards. Not 12. Yes.0(5.(CatOS on Supervisor and Cisco IOS® on MSFC) Catalyst 6500/6000 − Native mode (Cisco IOS® System software on both Supervisor and MSFC) Catalyst 5500/5000 Catalyst 4500/4000 − CatOS Catalyst 4500/4000 − Cisco IOS Catalyst 3550 12.1(8a)EW Not Supported Yes Not Supported Yes.0(7)XE1 on MSFC 12.12. Yes. 12. Not 12.2(20)SE − EMI 12. 12.2(20)SE − EMI Not Not Supported Supported Not Not Supported Supported Not Not Supported Supported Yes Yes.2)WC1. 12. 12.2(25)EY − EMI Yes Yes . Not Supported 12. Catalyst 2900XL/3500XL Not Supported Catalyst 2948G−L3 / 4908G−L3 Catalyst 1900 Catalyst 8500 Not Supported Not Supported Not Supported 12.1(11b)E1 Yes Not Supported and later. Catalyst 2950 Not Supported Yes.1(4)EA1 Not and later. Not Not Not Supported Supported Supported Yes Not Supported 6.2(1) Yes Not Supported Yes Yes. Supported 12.1(11)AX onwards. Supported Yes.1(14)AX onwards.1(8a)EX.0(5)XU Not (on 8MB Not Supported switches only) Supported onwards. 12. Not Supported Not Supported Not Supported Catalyst 3560 Yes Catalyst 3750 Yes Yes Catalyst 3750 Metro 12.2(20)EW onwards.1(19)EA1 onwards.

and technologies.1. Not Supported Catalyst 2948G/2980G Catalyst 2955 6.3(1) and later. suggestions. Refer to Configuring Private VLANs for additional restrictions. The latest version of code that runs on the Catalyst 2900XL is Cisco IOS 11. Not 12.1. it provides isolation. • PVLAN support on Firewall Services Module (FWSM) begins in software version 3. The featured links are some of the most recent conversations available in this technology. Traffic cannot be forwarded between protected ports at Layer 2.1(11)AX Supported onwards.0(5) XU or later code. products. A protected port does not forward any traffic (unicast. Not 12.Catalyst 2940 Not Supported Yes. the only possible workaround is to connect the promiscuous port of the PVLAN using the crossover cable to a regular access port. Not 12.2(25)FX Supported and later. multicast. • PVLAN is supported on sc0 in the Catalyst 4500/4000 and Catalyst 6500/6000 that run CatOS. Not Not Supported Supported Yes Not Supported Not Supported Not Supported Not Supported Catalyst 2970 Catalyst 2960 Catalyst Express 500 Additional Notes: Not Supported • The PVLAN edge (protected port) is a feature that has only local significance to the switch. or broadcast) to any other port that is also a protected port in the same switch. • Four MB Catalyst 2900XL Series Switches do not support the protected port feature. Two−way community VLANS in PVLANs are currently not supported on the Catalyst 4500/4000 Series Switches that run Cisco IOS. Therefore. as these cannot be upgraded to Cisco IOS 12. cannot have dynamic VLAN membership. All traffic passing between protected ports must be forwarded through a Layer 3 device.1(13)AY Supported onwards. and cannot be a Switched Port Analyzer (SPAN) destination. cannot channel. If you run a software version earlier than 3. and there is no isolation provided between two protected ports located on different switches. Yes. and information about networking solutions.1(6)EA2 Supported onwards. make a firewall for the VLAN of that access port. NetPro Discussion Forums − Featured Conversations Networking Professionals Connection is a forum for networking professionals to share questions. NetPro Discussion Forums − Featured Conversations for LAN Network Infrastructure: LAN Routing and Switching Network Infrastructure: Getting Started with LANs . • PVLAN ports cannot be trunk ports. Not 12. Then. in software release 6.2(8)SA6.2 Not Supported Not Supported Not Supported Yes Not Supported Yes. Yes.

Related Information • Securing Networks with Private VLANs and VLAN Access Control Lists • Configuring Isolated Private VLANs on Catalyst Switches • LAN Switching Product Support • LAN Switching Technology Support • Technical Support & Documentation − Cisco Systems Contacts & Feedback | Help | Site Map © 2007 − 2008 Cisco Systems. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks of Cisco Systems. Updated: Dec 08. 2006 Document ID: 10584 . Inc. All rights reserved. Inc.