Table of Contents
Advertisement
Chapter 11
Configuring VLANs
Table 11-3 Modules with Ports Listed by ASIC Groups (continued)
Module Number
WS-X6348-RJ-45
WS-X6024-10FL-MT
Isolated and community ports should run BPDU guard features to prevent spanning tree loops due
•
to misconfigurations.
Primary VLANs and associated isolated/community VLANs must have the same spanning tree
•
configuration. This configuration maintains consistent spanning tree topologies between associated
primary, isolated, and community VLANs and avoids possible loss of connectivity. These priorities
and parameters automatically propagate from the primary VLAN to the isolated and community
VLANs.
You can create private VLANs that run in MISTP mode as follows:
•
–
–
•
In networks with some switches using MAC address reduction, and others not using MAC address
reduction, STP parameters do not necessarily propagate to ensure that the spanning tree topologies
match. You should manually check the STP configuration to ensure that the primary, isolated, and
community VLANs' spanning tree topologies match.
If you enable MAC address reduction on a Catalyst 6000 series switch, you might want to enable
•
MAC address reduction on all the switches in your network to ensure that the STP topologies of the
private VLANs match. Otherwise, in a network where private VLANs are configured, if you enable
MAC address reduction on some switches and disable it on others (mixed environment), you will
have to use the default bridge priorities to make sure that the root bridge is common to the primary
VLAN and to all its associated isolated and community VLANs. Be consistent with the ranges
employed by the MAC address reduction feature regardless of whether it is enabled on the system.
MAC address reduction allows only discrete levels and uses all intermediate values internally as a
range. You should disable a root bridge with private VLANs and MAC address reduction, and
configure the root bridge with any priority higher than the highest priority range used by any
nonroot bridge.
BPDU guard mode is system wide and is enabled after you add the first port to a private VLAN.
•
You cannot configure a destination SPAN port as a private VLAN port and vice versa.
•
•
A source SPAN port can belong to a private VLAN.
•
You can use VLAN-based SPAN (VSPAN) to span primary, isolated, and community VLANs
together, or use SPAN on only one VLAN to separately monitor egress or ingress traffic.
•
You cannot use a remote SPAN VLAN (RSPAN) for a private VLAN.
78-13315-02
Description
48-port 10/100TX RJ-45
24-port 10BASE-FL MT-RJ
If you disable MISTP, any change to the configuration of a primary VLAN propagates to all
corresponding isolated and community VLANs, and you cannot change the isolated or
community VLANs.
If you enable MISTP, you can only configure the MISTP instance with the primary VLAN.
Changes will be applied to the primary VLAN and will propagate to the isolated and community
VLANs.
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
Configuring Private VLANs
Ports by ASIC
Ports 1–12
Ports 13–24
Ports 25–36
Ports 37–48
Ports 1–12
Ports 13–24
11-17
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
