Private Vlan Port Configuration; Limitations With Other Features - Cisco Nexus 7000 Series Configuration Manual

Nx-os layer 2 switching

Hide thumbs Also See for Nexus 7000 Series:

Command reference manual (1018 pages)

Reference manual (746 pages)

Configuration manual (536 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

page of 230

/ 230
Contents
Table of Contents
Bookmarks

Table of Contents

Configuring Private VLANs Using NX-OS

You must keep the same VACLs for the primary VLAN and all secondary VLANs in the private VLAN.

Note

• You can enable DHCP snooping on private VLANs. When you enable DHCP snooping on the primary

• Before you configure a VLAN as a secondary VLAN, you must shut down the VLAN network interface

• To prevent interhost communication in isolated private VLANs with a promiscuous port, configure a

Private VLAN Port Configuration

Follow these guidelines when configuring private VLAN ports:

• The Layer 2 access ports that are assigned to the VLANs that you configure as primary, isolated, or

• If you delete a VLAN used in the private VLAN configuration, the private VLAN ports that are associated

Limitations with Other Features

Consider these configuration limitations with other features when configuring private VLANs:

In some cases, the configuration is accepted with no error messages, but the commands have no effect.

Note

• IGMP runs only on the primary VLAN and uses the configuration of the primary VLAN for all secondary

• Any IGMP join request in the secondary VLAN is treated as if it is received in the primary VLAN.

• Private VLANs support these Switched Port Analyzer (SPAN) features:

• Private VLAN host or promiscuous ports cannot be a SPAN destination port.

• A destination SPAN port cannot be an isolated port. (However, a source SPAN port can be an isolated

• You can configure SPAN to span both primary and secondary VLANs or to span either one if the user

VLAN, the DHCP configuration is propagated to the secondary VLANs. If you configure DHCP on a

secondary VLAN, the configuration does not take effect if the primary VLAN is already configured.

for the secondary VLAN.

role-based ACL (RBACL) that disallows hosts in that subnet from communicating with each other.

community VLANs are inactive while the VLAN is part of the private VLAN configuration. Layer 2

trunk interfaces, which may carry private VLANs, are active and remain part of the STP database.

with the VLAN become inactive.

VLANs.

◦ You can configure a private VLAN port as a SPAN source port.

◦ You can use VLAN-based SPAN (VSPAN) on primary, isolated, and community VLANs or use

SPAN on only one VLAN to separately monitor egress or ingress traffic.

port.)

is interested only in ingress or egress traffic.

Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x

Private VLAN Port Configuration

Table of Contents

Private Vlan Port Configuration; Limitations With Other Features - Cisco Nexus 7000 Series Configuration Manual

Private VLAN Port Configuration

Limitations with Other Features

Related Manuals for Cisco Nexus 7000 Series

Related Content for Cisco Nexus 7000 Series

Table of Contents