Private VLAN Ports; Primary, Isolated, and Community VLANs - Cisco 7604 Configuration Manual

IOS software configuration guide

Chapter 15
Configuring Private VLANs

Private VLAN Ports

There are three types of private VLAN ports:

• Promiscuous—A promiscuous port belongs to the primary VLAN and can communicate with all interfaces, including the community and isolated host ports that belong to the secondary VLANs that are associated with the primary VLAN.
• Isolated—An isolated port is a host port that belongs to an isolated secondary VLAN. This port has complete Layer 2 isolation from other ports within the same private VLAN domain, except for the promiscuous ports. Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports.
• Community—A community port is a host port that belongs to a community secondary VLAN. Community ports communicate with other ports in the same community VLAN and with promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other communities and from isolated ports within their private VLAN domain.

Note: Because trunks can support the VLANs carrying traffic between isolated, community, and promiscuous ports, isolated and community port traffic might enter or leave the router through a trunk interface.

Primary, Isolated, and Community VLANs

Primary VLANs and the two types of secondary VLANs, isolated VLANs and community VLANs, have these characteristics:

• Primary VLAN—The primary VLAN carries unidirectional traffic downstream from the promiscuous ports to the (isolated and community) host ports and to other promiscuous ports.
• Isolated VLAN—A private VLAN domain has only one isolated VLAN. An isolated VLAN is a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports and the gateway.
• Community VLAN—A community VLAN is a secondary VLAN that carries upstream traffic from the community ports to the promiscuous port gateways and to other host ports in the same community. You can configure multiple community VLANs in a private VLAN domain.

A promiscuous port can serve only one primary VLAN, one isolated VLAN, and multiple community VLANs. Layer 3 gateways are typically connected to the router through a promiscuous port. With a promiscuous port, you can connect a wide range of devices as access points to a private VLAN. For example, you can use a promiscuous port to monitor or back up all the private VLAN servers from an administration workstation.

In a switched environment, you can assign an individual private VLAN and associated IP subnet to each individual or common group of end stations. The end stations need to communicate only with a default gateway to communicate outside the private VLAN.

OL-4266-08
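
The port and VLAN rules above, modeled as an added Python example (not part of the Cisco guide): it checks the one-isolated-VLAN-per-domain rule and computes which port pairs may exchange frames at Layer 2, which is useful for reviewing an intended segmentation plan. Port names and VLAN numbers are constructed, and the model assumes every secondary VLAN is associated with its primary VLAN and reachable from each promiscuous port in that domain.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class Port:
    name: str
    role: str            # "promiscuous", "isolated" or "community"
    primary: int         # primary VLAN of the private VLAN domain
    secondary: int = 0   # isolated or community VLAN; unused on promiscuous ports

def validate(ports):
    """Flag domains that break the 'only one isolated VLAN' rule."""
    isolated = {}
    for p in ports:
        if p.role == "isolated":
            isolated.setdefault(p.primary, set()).add(p.secondary)
    return [f"primary {pri}: isolated VLANs {sorted(v)}"
            for pri, v in sorted(isolated.items()) if len(v) > 1]

def l2_allowed(src, dst):
    """True if a frame received on src may be forwarded to dst at Layer 2."""
    if src.primary != dst.primary:
        return False                           # different private VLAN domains
    if "promiscuous" in (src.role, dst.role):
        return True                            # promiscuous ports reach all ports
    if src.role == dst.role == "community":
        return src.secondary == dst.secondary  # same community VLAN only
    return False                               # any pairing involving an isolated host

def reachability(ports):
    """Set of (src, dst) port-name pairs permitted at Layer 2."""
    return {(a.name, b.name) for a, b in permutations(ports, 2) if l2_allowed(a, b)}

# Constructed sample: port names and VLAN numbers are illustrative only.
PORTS = [
    Port("gw", "promiscuous", 202),
    Port("backup", "promiscuous", 202),
    Port("web1", "isolated", 202, 303),
    Port("web2", "isolated", 202, 303),
    Port("db1", "community", 202, 440),
    Port("db2", "community", 202, 440),
    Port("app1", "community", 202, 441),
]

if __name__ == "__main__":
    print(validate(PORTS) or "domain rules OK")
    for src, dst in sorted(reachability(PORTS)):
        print(f"{src} -> {dst}")
```

Any pair missing from the output, such as web1 and web2, can communicate only through the Layer 3 gateway behind a promiscuous port.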
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
Understanding How Private VLANs Work