Associating Primary And Secondary Vlans - Cisco Nexus 5000 Series Configuration Manual
Nx-os layer 2 switching configuration guide, release 5.0(3)n1(1)
Hide thumbs
Also See for Nexus 5000 Series:
- Cli configuration manual (660 pages) ,
- Configuration manual (334 pages) ,
- Command reference manual (196 pages)
Table of Contents
Advertisement
Primary, Isolated, and Community Private VLANs
The following figure shows the traffic flows within a private VLAN, along with the types of VLANs and
types of ports.
Figure 4: Private VLAN Traffic Flows
Note
The private VLAN traffic flows are unidirectional from the host ports to the promiscuous ports. Traffic
received on primary VLAN enforces no separation and forwarding is done as in normal VLAN.
A promiscuous access port can serve only one primary VLAN and multiple secondary VLANs (community
and isolated VLANs). A promiscuous trunk port can carry traffic for several primary VLANs. Multiple
secondary VLANs under a given primary VLAN can be mapped to promiscuous trunk ports. With a
promiscuous port, you can connect a wide range of devices as access points to a private VLAN. For example,
you can use a promiscuous port to monitor or back up all the private VLAN servers from an administration
workstation.
In a switched environment, you can assign an individual private VLAN and associated IP subnet to each
individual or common group of end stations. The end stations need to communicate only with a default gateway
to communicate outside the private VLAN.
Associating Primary and Secondary VLANs
To allow host ports in secondary VLANs to communicate outside the private VLAN, you associate secondary
VLANs to the primary VLAN. If the association is not operational, the host ports (community and isolated
ports) in the secondary VLAN are brought down.
Cisco Nexus 5000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)N1(1)
58
Configuring Private VLANs
Advertisement
Table of Contents
