Private Vlan Domains - Cisco 7604 Configuration Manual

Ios software configuration guide

Hide thumbs Also See for 7604:

Table of Contents

Understanding How Private VLANs Work

Private VLAN Domains

The private VLAN feature addresses two problems that service providers encounter when using VLANs:

Using private VLANs solves the scalability problem and provides IP address management benefits for

service providers and Layer 2 security for customers.

The private VLAN feature partitions the Layer 2 broadcast domain of a VLAN into subdomains. A

subdomain is represented by a pair of private VLANs: a primary VLAN and a secondary VLAN. A

private VLAN domain can have multiple private VLAN pairs, one pair for each subdomain. All VLAN

pairs in a private VLAN domain share the same primary VLAN. The secondary VLAN ID differentiates

one subdomain from another (see

A private VLAN domain has only one primary VLAN. Every port in a private VLAN domain is a

member of the primary VLAN. In other words, the primary VLAN is the entire private VLAN domain.

Secondary VLANs provide Layer 2 isolation between ports within the same private VLAN domain.

There are two types of secondary VLANs:

Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX

The router supports up to 4096 VLANs. If a service provider assigns one VLAN per customer, the

number of customers that service provider can support is limited.

To enable IP routing, each VLAN is assigned a subnet address space or a block of addresses, which

can result in wasting the unused IP addresses and creating IP address management problems.

Private VLAN Domain

community VLAN

Isolated VLANs—Ports within an isolated VLAN cannot communicate with each other at the

Layer 2 level.

Community VLANs—Ports within a community VLAN can communicate with each other but

cannot communicate with ports in other communities at the Layer 2 level.

isolated VLAN

Configuring Private VLANs

Show Quick Links

Table of Contents

7613 7606 7609-s 7600 series