Cisco Catalyst 4500 series Administration Manual page 1096
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
About Private VLANs
Term
Isolated Port
Isolated VLAN
Primary VLAN
PVLAN Trunk Port
Promiscuous Port
Promiscuous Trunk Port
Twoway-Community Ports
Twoway-Community VLANs
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
44-4
Definition
An isolated port is a host port that belongs to an isolated
secondary VLAN. It has complete Layer 2 separation from
other ports within the same PVLAN, except for the
promiscuous ports. PVLANs block all traffic to isolated
ports except traffic from promiscuous ports. Traffic received
from an isolated port is forwarded only to promiscuous
ports.
Isolated VLAN —A PVLAN has only one isolated VLAN.
An isolated VLAN is a secondary VLAN that carries
unidirectional traffic upstream from the hosts toward the
promiscuous ports and the gateway.
Primary VLAN—A PVLAN has only one primary VLAN.
Every port in a PVLAN is a member of the primary VLAN.
The primary VLAN carries unidirectional traffic
downstream from the promiscuous ports to the (isolated and
community) host ports and to other promiscuous ports.
A PVLAN trunk port can carry multiple secondary (isolated
only) and non-PVLANs. Packets are received and
transmitted with secondary or regular VLAN tags on the
PVLAN trunk ports.
Only IEEE 802.1q encapsulation is supported.
Note
A promiscuous port belongs to the primary VLAN and can
communicate with all interfaces, including the community
and isolated host ports and PVLAN trunk ports that belong
to the secondary VLANs associated with the primary
VLAN.
A promiscuous trunk port can carry multiple primary and
normal VLANs. Packets are received and transmitted with
primary or regular VLAN tags. Other than that, the port
behaves just like a promiscuous access port.
Only IEEE 802.1q encapsulation is supported.
Note
A twoway-community port is a host port that belongs to a
twoway-community secondary VLAN. Ports within a
twoway-community VLAN can communicate with each
other but not with ports in other communities or
twoway-communities at the Layer 2 level.
These interfaces are isolated at Layer 2 from all other
interfaces in other twoway communities and from isolated
ports within their PVLAN.
A bidirectional VLAN. Ports within a 2-way community
VLAN can communicate with each other but cannot
communicate with ports in other 2-way communities at the
Layer 2 level.
Chapter 44
Configuring Private VLANs
OL_28731-01
Advertisement
Chapters
Table of Contents
Troubleshooting
