Cisco Nexus 7000 Series Configuration Manual page 73

Configuring Private VLANs Using NX-OS
Figure 2: Private VLAN Layer 2 Traffic Flows
Note The private VLAN traffic flows are unidirectional from the host ports to the promiscuous ports. Traffic
that egresses the promiscuous port acts like the traffic in a normal VLAN, and there is no traffic separation
among the associated secondary VLAN.
A promiscuous port can serve only one primary VLAN, but it can serve multiple isolated VLANs and multiple
community VLANs. (Layer 3 gateways are connected to the device through a promiscuous port.) With a
promiscuous port, you can connect a wide range of devices as access points to a private VLAN. For example,
you can use a promiscuous port to monitor or back up all the private VLAN servers from an administration
workstation.
Beginning with for the Nexus 7000 Series devices, you can configure private VLAN promiscuous and
Note
isolated trunk ports. These promiscuous and isolated trunk ports carry traffic for multiple primary and
secondary VLANs as well as normal VLAN.
Although you can have several promiscuous ports in a primary VLAN, you can have only one Layer 3 gateway
per primary VLAN.
In a switched environment, you can assign an individual private VLAN and associated IP subnet to each
individual or common group of end stations. The end stations need to communicate only with a default gateway
to communicate outside the private VLAN.
Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x
Private VLAN Overview
57