PVLAN Terminology - Cisco Catalyst 4500 Series Software Configuration Manual

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex

Chapter 47
Configuring Private VLANs
In a switched environment, you can assign an individual PVLAN and associated IP subnet to each
individual or common group of end stations. The end stations need to communicate only with a default
gateway to communicate outside the PVLAN.
You can use PVLANs to control access to end stations in these ways:

- Configure selected interfaces connected to end stations as isolated ports to prevent any communication at Layer 2. For example, if the end stations are servers, this configuration prevents Layer 2 communication between the servers.
- Configure interfaces connected to default gateways and selected end stations (such as backup servers) as promiscuous ports to allow all end stations access to a default gateway.
- Reduce VLAN and IP subnet consumption; you can prevent traffic between end stations even though they are in the same VLAN and IP subnet.

With a promiscuous port, you can connect a wide range of devices as access points to a PVLAN. For example, you can connect a promiscuous port to the server port of a LocalDirector to connect an isolated VLAN or a number of community (or twoway-community) VLANs to the server. LocalDirector can load balance the servers present in the isolated, community, or twoway-community VLANs, or you can use a promiscuous port to monitor or back up all the PVLAN servers from an administration workstation.

PVLAN Terminology

The following table defines the key terms used in this chapter:

Term: PVLANs
Definition: PVLANs are sets of VLAN pairs that share a common primary identifier and provide a mechanism for achieving layer-2 separation between ports while sharing a single layer-3 router port and IP subnet.

Term: Secondary VLAN
Definition: A type of VLAN used to implement PVLANs. Secondary VLANs are associated with a primary VLAN, and are used to carry traffic from hosts to other allowed hosts or to routers.

Term: Community Port
Definition: A community port is a host port that belongs to a community secondary VLAN. Community ports communicate with other ports in the same community VLAN and with promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other communities and from isolated ports within their PVLAN.

Term: Community VLAN
Definition: A community VLAN is a secondary VLAN that carries upstream traffic from the community ports to the promiscuous port gateways and to other host ports in the same community. You can configure multiple community VLANs in a PVLAN.
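
The port roles and VLAN types defined above, shown as an added IOS configuration example that is not taken from the Cisco manual. The VLAN IDs (202, 303, 440) and the interface numbers are constructed for illustration.

```cisco
! Constructed example: VLAN IDs and interface numbers are illustrative only.
!
! Secondary VLANs: one community VLAN and one isolated VLAN
vlan 303
 private-vlan community
vlan 440
 private-vlan isolated
!
! Primary VLAN, associated with both secondary VLANs
vlan 202
 private-vlan primary
 private-vlan association 303,440
!
! Isolated host port (for example, a server): no Layer 2 path to other hosts
interface GigabitEthernet5/1
 switchport mode private-vlan host
 switchport private-vlan host-association 202 440
!
! Community host ports: reach each other and the promiscuous port only
interface GigabitEthernet5/2
 switchport mode private-vlan host
 switchport private-vlan host-association 202 303
interface GigabitEthernet5/3
 switchport mode private-vlan host
 switchport private-vlan host-association 202 303
!
! Promiscuous port toward the default gateway, mapped to both secondaries
interface GigabitEthernet5/10
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 202 303,440
!
! Verification (run from privileged EXEC):
!  show vlan private-vlan
!  show interfaces GigabitEthernet5/1 switchport
```

A secondary VLAN missing from the promiscuous port's mapping leaves its hosts without a path to the gateway, so compare the `show vlan private-vlan` output against the intended association before relying on the segmentation.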