Understanding Broadcast Traffic In Private Vlans; Understanding Private Vlan Port Isolation; Configuring A Private Vlan - Cisco AJ732A - MDS 9134 Fabric Switch Configuration Manual

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 7
Configuring Private VLANs
Send feedback to nx5000-docfeedback@cisco.com
Note
Use the show command to verify that the association is operational. The switch does not display an error message when the association is nonoperational. (See the "Verifying Private VLAN Configuration" section on page 7-10 for information on configuration verification.)

If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become inactive. Use the no private-vlan command to return the VLAN to the normal mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain in private VLAN mode. When you convert the VLAN back to private VLAN mode, the original associations are reinstated.

If you enter the no vlan command for the primary VLAN, all private VLAN associations with that VLAN are lost. However, if you enter the no vlan command for a secondary VLAN, the private VLAN associations with that VLAN are suspended and return when you recreate the specified VLAN and configure it as the previous secondary VLAN.

In order to change the association between a secondary and primary VLAN, you must first remove the current association and then add the desired association.

Understanding Broadcast Traffic in Private VLANs

Broadcast traffic from ports in a private VLAN flows in the following ways:

• The broadcast traffic flows from a promiscuous port to all ports in the primary VLAN (which includes all the ports in the community and isolated VLANs). This broadcast traffic is distributed to all ports within the primary VLAN, including those ports that are not configured with private VLAN parameters.
• The broadcast traffic from an isolated port is distributed only to those promiscuous ports in the primary VLAN that are associated to that isolated port.
• The broadcast traffic from community ports is distributed to all ports within the port's community and to all promiscuous ports that are associated to the community port. The broadcast packets are not distributed to any other communities within the primary VLAN, or to any isolated ports.

Understanding Private VLAN Port Isolation

You can use private VLANs to control access to end stations as follows:

• Configure selected interfaces connected to end stations as isolated ports to prevent any communication. For example, if the end stations are servers, this configuration prevents communication between the servers.
• Configure interfaces connected to default gateways and selected end stations (for example, backup servers) as promiscuous ports to allow all end stations access to a default gateway.

Configuring a Private VLAN

Note
You must have already created the VLAN before you can assign the specified VLAN as a private VLAN,

This section includes the following topics:
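
The three broadcast rules under "Understanding Broadcast Traffic in Private VLANs" can be checked against a port plan before it is deployed. The Python model below is an added example, not part of the Cisco guide: the `Port` class, the function names, the port names and VLAN IDs 100 to 102 are all constructed, and "associated" is modelled as the set of secondary VLANs mapped to a promiscuous port.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    kind: str                        # promiscuous | isolated | community | plain
    secondary: int = 0               # host port's secondary VLAN (0 = none)
    mapped: frozenset = frozenset()  # secondary VLANs associated with a promiscuous port

def broadcast_receivers(src, ports):
    """Names of the ports that receive a broadcast sent by src."""
    others = [p for p in ports if p.name != src.name]
    if src.kind == "promiscuous":
        # Reaches every port in the primary VLAN, plain ports included.
        return {p.name for p in others}
    if src.kind not in ("isolated", "community"):
        raise ValueError(f"{src.name}: no rule on the page for kind {src.kind!r}")
    # Only promiscuous ports associated with the sender's secondary VLAN.
    out = {p.name for p in others
           if p.kind == "promiscuous" and src.secondary in p.mapped}
    if src.kind == "community":
        # Plus the other members of the sender's own community.
        out |= {p.name for p in others
                if p.kind == "community" and p.secondary == src.secondary}
    return out

def hosts_not_reaching(target, ports):
    """Host ports whose broadcasts (for example ARP requests) never reach target."""
    return sorted(p.name for p in ports
                  if p.kind in ("isolated", "community") and p.name != target
                  and target not in broadcast_receivers(p, ports))

# Constructed plan: primary VLAN 100, isolated VLAN 101, community VLAN 102.
PLAN = [
    Port("gw", "promiscuous", mapped=frozenset({101, 102})),
    Port("backup", "promiscuous", mapped=frozenset({101})),
    Port("srv1", "isolated", 101),
    Port("srv2", "isolated", 101),
    Port("app1", "community", 102),
    Port("app2", "community", 102),
    Port("uplink", "plain"),
]
BY_NAME = {p.name: p for p in PLAN}

if __name__ == "__main__":
    for p in PLAN:
        if p.kind != "plain":
            print(f"{p.name:7} -> {sorted(broadcast_receivers(p, PLAN))}")
    print("cannot reach backup:", hosts_not_reaching("backup", PLAN))
```

In this plan the backup server's promiscuous port is associated only with the isolated VLAN, so the check reports that the community hosts' broadcasts never reach it.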
