Private Vlan Ports - Cisco Nexus 9000 Series Configuration Manual

NX-OS Layer 2 Switching Configuration

Configuring Private VLANs Using NX-OS

Private VLAN Ports

Note: Both community and isolated private VLAN ports are labeled as PVLAN host ports. A PVLAN host port is either a community PVLAN port or an isolated PVLAN port, depending on the type of secondary VLAN with which it is associated.

The types of private VLAN ports are as follows:

• Promiscuous port—A promiscuous port belongs to the primary VLAN. The promiscuous port can communicate with all interfaces, including the community and isolated host ports, that belong to those secondary VLANs associated to the promiscuous port and associated with the primary VLAN. You can have several promiscuous ports in a primary VLAN. Each promiscuous port can have several secondary VLANs, or no secondary VLANs, associated to that port. You can associate a secondary VLAN to more than one promiscuous port, as long as the promiscuous port and secondary VLANs are within the same primary VLAN. You may want to do this association for load balancing or redundancy purposes. You can also have secondary VLANs that are not associated to any promiscuous port, but these secondary VLANs cannot communicate with the Layer 3 interface.

Note: As a best practice, you should map all the secondary ports on the primary to minimize any loss of traffic.

• Promiscuous trunk—You can configure a promiscuous trunk port to carry traffic for multiple primary VLANs. You map the private VLAN primary VLAN and either all or selected associated VLANs to the promiscuous trunk port. Each primary VLAN and one associated secondary VLAN is a private VLAN pair, and you can configure a maximum of 16 private VLAN pairs on each promiscuous trunk port.

Note: Private VLAN promiscuous trunk ports carry traffic for normal VLANs as well as for primary private VLANs.

• Isolated port—An isolated port is a host port that belongs to an isolated secondary VLAN. This port has complete Layer 2 isolation from other ports within the same private VLAN domain, except that it can communicate with associated promiscuous ports. Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports. You can have more than one isolated port in a specified isolated VLAN, and each port is completely isolated from all other ports in the isolated VLAN.

• Isolated or secondary trunk—You can configure an isolated trunk port to carry traffic for multiple isolated VLANs. Each secondary VLAN on an isolated trunk port must be associated with a different primary VLAN. You cannot put two secondary VLANs that are associated with the same primary VLAN on an isolated trunk port. Each primary VLAN and one associated secondary VLAN is a private VLAN pair, and you can configure a maximum of 16 private VLAN pairs on each isolated trunk port.
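
The port rules above can be checked mechanically before a design is pushed to a switch. The following is an added example, not taken from the Cisco guide: the function name, the port "kind" labels (promiscuous, promiscuous-trunk, isolated-trunk), the VLAN IDs and the port names are all assumptions made for illustration.

```python
# Added example: audit a private VLAN design against the port rules above.
# VLAN IDs, port names and the dictionary layout are constructed.
from collections import Counter

MAX_TRUNK_PAIRS = 16  # limit per promiscuous or isolated trunk port

def audit(secondary_to_primary, ports):
    """Return findings for a design; an empty list means no rule is broken."""
    findings = []
    mapped = set()  # secondaries mapped to at least one promiscuous port
    for name, port in ports.items():
        kind, pairs = port["kind"], port["pairs"]
        primaries = Counter(primary for primary, _ in pairs)
        for primary, secondary in pairs:
            if secondary_to_primary.get(secondary) != primary:
                findings.append(f"{name}: secondary {secondary} is not "
                                f"associated with primary {primary}")
        if kind.startswith("promiscuous"):
            mapped.update(secondary for _, secondary in pairs)
        if kind == "promiscuous" and len(primaries) > 1:
            findings.append(f"{name}: promiscuous port spans several primaries")
        if kind.endswith("-trunk") and len(pairs) > MAX_TRUNK_PAIRS:
            findings.append(f"{name}: {len(pairs)} private VLAN pairs, "
                            f"maximum is {MAX_TRUNK_PAIRS}")
        if kind == "isolated-trunk":
            for primary, count in primaries.items():
                if count > 1:
                    findings.append(f"{name}: {count} secondaries of primary "
                                    f"{primary} on one isolated trunk")
    for secondary in sorted(set(secondary_to_primary) - mapped):
        findings.append(f"secondary {secondary}: no promiscuous mapping, "
                        "no path to the Layer 3 interface")
    return findings

# Constructed design: Eth1/3 breaks the isolated trunk rule, VLAN 202 is unmapped.
SECONDARY_TO_PRIMARY = {101: 100, 102: 100, 201: 200, 202: 200}
PORTS = {
    "Eth1/1": {"kind": "promiscuous", "pairs": [(100, 101), (100, 102)]},
    "Eth1/2": {"kind": "isolated-trunk", "pairs": [(100, 101), (200, 201)]},
    "Eth1/3": {"kind": "isolated-trunk", "pairs": [(200, 201), (200, 202)]},
    "Eth1/4": {"kind": "promiscuous-trunk", "pairs": [(200, 201)]},
}

if __name__ == "__main__":
    for finding in audit(SECONDARY_TO_PRIMARY, PORTS):
        print(finding)
```
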
Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide, Release 7.x
Private VLAN Overview
