VLAN Management
Overview
NOTE
Cisco 500 Series Stackable Managed Switch Administration Guide
• Voice VLAN OUI auto detection
• 802.1x port guest VLAN
• 802.1x port Dynamic VLAN Assignment
• Multicast TV VLAN.
Note the following clarifications:
• Port Security—MAC entries in the VLAN FDB table are flushed when the
  port is unlocked.
• Port membership in a private VLAN is equivalent to port membership in
  802.1Q VLANs with regard to feature interaction limitations, for example:
  - Port must not be added to a LAG/LACP.
  - Port must not be configured as port monitor destination.
Required Resources
Since a private VLAN is composed of multiple 802.1Q VLANs, the system requires
additional resources for every secondary VLAN in a private VLAN. The resources
for the following features are allocated per VLAN within the private VLAN.
• Dynamic MAC Addresses—MAC addresses learned on primary VLANs
  are copied to all community VLANs and to the isolated VLAN. MAC
  addresses learned on isolated/community VLANs are copied to the primary
  VLAN.
• DHCP Snooping—A TCAM rule is required to trap DHCP traffic.
• ARP Inspection—A TCAM rule is required to trap ARP traffic.
• IP Source Guard—A TCAM rule is required to forward/drop IP traffic.
• First Hop Security—A TCAM rule is required to trap IPv6 traffic (when IPv6
  source guard is enabled).
Configuration Guidelines
Note the following feature configuration guidelines:
• MSTP—All VLANs in a private VLAN must be assigned to the same MSTP
  instance.
• IP Source Guard—Binding an ACL on IP source guard ports with private
  VLAN is not recommended due to the amount of TCAM resources needed.
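
The following planning check is an added example, not part of the Cisco guide or the switch software. It audits a proposed private VLAN design against the interaction limits, resource notes and guidelines above. The data model, field names and sample values are hypothetical, and the cost model of one TCAM rule per listed feature per member VLAN is an assumption drawn from the "allocated per VLAN" wording.

```python
from dataclasses import dataclass, field
from typing import Optional

# Features the guide lists as needing a TCAM rule, allocated per VLAN.
TCAM_FEATURES = {"dhcp_snooping", "arp_inspection", "ip_source_guard", "first_hop_security"}

@dataclass
class PrivateVlan:  # hypothetical planning model, not a switch data structure
    primary: int
    isolated: Optional[int] = None
    community: list = field(default_factory=list)

    def vlans(self):
        """Every 802.1Q VLAN that makes up this private VLAN."""
        isolated = [] if self.isolated is None else [self.isolated]
        return [self.primary] + isolated + list(self.community)

def tcam_rules(pvlan, features):
    """Assumed cost model: one rule per listed feature per member VLAN."""
    return len(pvlan.vlans()) * len(TCAM_FEATURES & set(features))

def audit(pvlan, mstp_map, ports):
    """Return findings for the interaction limits and guidelines in the guide."""
    findings = []
    # VLANs absent from the map fall into MSTP instance 0 (the CIST).
    instances = {mstp_map.get(v, 0) for v in pvlan.vlans()}
    if len(instances) > 1:
        findings.append(f"MSTP: member VLANs span instances {sorted(instances)}")
    for name, port in sorted(ports.items()):
        if port.get("lag"):
            findings.append(f"{name}: private VLAN port must not be in a LAG/LACP")
        if port.get("monitor_destination"):
            findings.append(f"{name}: private VLAN port must not be a monitor destination")
        if port.get("ip_source_guard") and port.get("acl"):
            findings.append(f"{name}: ACL on an IP source guard port is not recommended")
    return findings

# Constructed sample plan (VLAN IDs, port names and ACL name are made up).
PLAN = PrivateVlan(primary=100, isolated=101, community=[102, 103])
MSTP_MAP = {100: 1, 101: 1, 102: 1, 103: 2}
PORTS = {
    "gi1": {"lag": True},
    "gi2": {"ip_source_guard": True, "acl": "acl-users"},
    "gi3": {},
}

if __name__ == "__main__":
    print("TCAM rules:", tcam_rules(PLAN, ["dhcp_snooping", "arp_inspection"]))
    for finding in audit(PLAN, MSTP_MAP, PORTS):
        print("-", finding)
```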