Private Vlan Overview - Cisco Nexus 9000 Series Configuration Manual

Nx-os layer 2 switching configuration

Hide thumbs Also See for Nexus 9000 Series:

Configuration manual (562 pages)

Troubleshooting manual (126 pages)

Quick start configuration manual (6 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

Table Of Contents

199

page of 199

/ 199
Contents
Table of Contents
Bookmarks

Table of Contents

Private VLAN Overview

In configurations that use integrated switching and routing functions, you can assign a single Layer 3 VLAN

network interface to each private VLAN to provide routing. The VLAN network interface is created for the

primary VLAN. In such configurations, all secondary VLANs communicate at Layer 3 only through a mapping

with the VLAN network interface on the primary VLAN. Any VLAN network interfaces previously created

on the secondary VLANs are put out-of-service.

Private VLAN Overview

You must enable private VLANs before the device can apply the private VLAN functionality.

You cannot disable private VLANs if the device has any operational ports in a private VLAN mode.

You must have already created the VLAN before you can convert the specified VLAN to a private VLAN,

Note

either primary or secondary.

Primary and Secondary VLANs in Private VLANs

The private VLAN feature addresses two problems that users encounter when using VLANs:

• Each VDC supports up to 4096 VLANs. If a user assigns one VLAN per customer, the number of

• To enable IP routing, each VLAN is assigned with a subnet address space or a block of addresses, which

Using private VLANs solves the scalability problem and provides IP address management benefits and Layer 2

security for customers.

The private VLAN feature allows you to partition the Layer 2 broadcast domain of a VLAN into subdomains.

A subdomain is represented by a pair of private VLANs: a primary VLAN and a secondary VLAN. A private

VLAN domain can have multiple private VLAN pairs, one pair for each subdomain. All VLAN pairs in a

private VLAN domain share the same primary VLAN. The secondary VLAN ID differentiates one subdomain

from another.

Note

A private VLAN domain has only one primary VLAN.

Secondary VLANs provide Layer 2 isolation between ports within the same private VLAN. The following

two types are secondary VLANs within a primary VLAN:

• Isolated VLANs—Ports within an isolated VLAN cannot communicate with each other at the Layer 2

• Community VLANs—Ports within a community VLAN can communicate with each other but cannot

Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide, Release 7.x

customers that the service provider can support is limited.

can result in wasting the unused IP addresses and creating IP address management problems.

level.

communicate with ports in other community VLANs or in any isolated VLANs at the Layer 2 level.

Configuring Private VLANs Using NX-OS

Table of Contents

Show Quick Links

Quick Links:
Spanning Tree
Configuring Port Vlan Mapping on a...
Configuring Inner Vlan and Outer Vlan...

Hide quick links:

Table of Contents

Private Vlan Overview - Cisco Nexus 9000 Series Configuration Manual

Private VLAN Overview

Hide quick links:

Related Manuals for Cisco Nexus 9000 Series

Related Content for Cisco Nexus 9000 Series

Table of Contents