VLANs | 223Creating an IP Subnet-based VLANAs shown in Figure 14-183, use the vlan association subnet ipaddr netmask command in Interface VLANmode to configure an IP subnet-based VLAN by associating the VLAN with an IP address and subnetmask. Use the show vlan association subnet [ipaddr netmask] command to display the settings.Figure 14-183. Using the vlan association subnet and show vlan association subnet CommandsConfiguring a Private Edge VLAN (PVLAN)Use the Private Edge VLAN feature to prevent selected ports on the switch from forwarding traffic to eachother, even if they are on the same VLAN.• Protected ports cannot forward traffic to other protected ports in the same group, even if they have thesame VLAN membership. Protected ports can forward traffic to unprotected ports.• Unprotected ports can forward traffic to both protected and unprotected ports.If a port is configured as a protected port, and you then add that port to a Link Aggregation Group (LAG)(also called a port channel), its protected port status becomes operationally disabled, and the port followsits configuration defined for the LAG. However, its protected port configuration remains, so if you removethe port from the LAG, the protected port configuration for that port automatically becomes effective.The commands supporting this feature are:• show interfaces switchport• show switchport protected• switchport protected (Global Config)• switchport protected (Interface Config)For syntax details, see the System Configuration chapter in the SFTOS Command Reference.Note: IP Subnet-based VLAN functionality was not tested in SFTOS 2.5.2.0, so it is not supported.Force10 (Config)#interface vlan 24Force10 (conf-if-vl-vlan-24)#vlan association subnet 192.168.10.10 255.255.255.0Force10 (conf-if-vl-vlan-24)#exitForce10 (Config)#show vlan association subnetIP Address IP Mask VLAN ID---------------- ---------------- -------192.168.10.10 255.255.255.0 2