Private VLANs

How to create Private Vlans. Below are the steps I follow:

1> create a map of how your network is and the interfaces in the port modes
2> create primary and sub vlans and associate sub-vlans to primary vlan
3> add interfaces to either isolated or community
4> finally add the promiscuous port and map private-vlans which can reach this promiscuous port.

1>Creating the map
Primary vlan: 200
f4/27    Router--> promiscuous port
f4/26FTP--> Isolated   vlan 210
f4/24 and f4/25  WWW and sql-->community   vlan 205

2.a> Creating vlan and sub vlans
conf t
vtp mode transparent
vlan 200
private-vlan primary
exit
vlan 205
private-vlan community
exit
vlan 210
private-vlan isolated
exit
================
2.b> Associating the sub-vlans to Primary vlan


associating 205 and 210 to vlan 100

vlan 200
private-vlan association 205,210

===============
show vlan private-vlan type
============

configuring fast ethernet ports now

3> add ports to Private vlans and to modes

int fa4/24
switchport mode private-vlan host
switchport private-vlan host association 200 205

4> creating promiscuous port and map private-vlans which can reach this promiscuous port

int fa4/27
switchport mode private-vlan promiscuous
switchport private-vlan mapping 200 205,210