Private Vlan Promiscuous Trunks; Private Vlan Isolated Trunks - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

CLI Software Configuration Guide

Information About Private VLANs
Note: You can associate a secondary VLAN with only one primary VLAN.
For an association to be operational, the following conditions must be met:
• The primary VLAN must exist and be configured as a primary VLAN.
• The secondary VLAN must exist and be configured as either an isolated or community VLAN.
Note: Use the show vlan private-vlan command to verify that the association is operational. The switch does
not display an error message when the association is nonoperational.
If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become
inactive. Use the no private-vlan command to return the VLAN to the normal mode. All primary and secondary
associations on that VLAN are suspended, but the interfaces remain in private VLAN mode. When you convert
the VLAN back to private VLAN mode, the original associations are reinstated.
If you enter the no vlan command for the primary VLAN, all private VLAN associations with that VLAN
are deleted. However, if you enter the no vlan command for a secondary VLAN, the private VLAN associations
with that VLAN are suspended and are restored when you recreate the specified VLAN and configure it as
the previous secondary VLAN.
In order to change the association between a secondary and primary VLAN, you must first remove the current
association and then add the desired association.
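
Because the switch reports no error for a nonoperational association, the conditions listed above can be checked against configuration text before it is applied. The following Python check is an added example, not part of the Cisco guide; the `audit` and `expand` helpers and the sample configuration are constructed for illustration, and it assumes running-config style `vlan` blocks containing `private-vlan primary|isolated|community` and `private-vlan association <list>` lines.

```python
import re
# Constructed config text in running-config style (not from the guide).
SAMPLE_CONFIG = """\
vlan 100
  private-vlan primary
  private-vlan association 101-104
vlan 101
  private-vlan isolated
vlan 102
  private-vlan community
vlan 103
vlan 200
  private-vlan primary
  private-vlan association 102
"""

def expand(spec):  # '101-103,105' -> [101, 102, 103, 105]
    pairs = (p.partition("-") for p in spec.split(","))
    return [v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)]

def audit(config):
    """Return (primary, secondary, reason) for each nonoperational association."""
    types, assoc, current = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):          # top-level line resets the VLAN context
            m = re.fullmatch(r"vlan (\d+)\s*", line)
            current = int(m.group(1)) if m else None
            if m:
                types.setdefault(current, "normal")
        elif current is not None:             # indented line under "vlan N"
            if m := re.fullmatch(r"\s+private-vlan (primary|isolated|community)\s*", line):
                types[current] = m.group(1)
            elif m := re.fullmatch(r"\s+private-vlan association ([\d,-]+)\s*", line):
                assoc.setdefault(current, []).extend(expand(m.group(1)))
    findings, owner = [], {}
    for primary, secondaries in sorted(assoc.items()):
        for sec in secondaries:
            if types[primary] != "primary":
                reason = "primary VLAN is not configured as primary"
            elif sec not in types:
                reason = "secondary VLAN does not exist"
            elif types[sec] not in ("isolated", "community"):
                reason = "secondary VLAN is not isolated or community"
            elif owner.setdefault(sec, primary) != primary:
                reason = f"secondary already associated with primary {owner[sec]}"
            else:
                continue
            findings.append((primary, sec, reason))
    return findings
```

On the sample, `audit(SAMPLE_CONFIG)` flags VLAN 103 (exists but is not a secondary type), VLAN 104 (does not exist), and the second association of VLAN 102 under primary 200.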

Private VLAN Promiscuous Trunks

A promiscuous trunk port can carry traffic for several primary VLANs. Multiple secondary VLANs under a
given primary VLAN can be mapped to a promiscuous trunk port. Traffic on the promiscuous port is received
and transmitted with a primary VLAN tag.

Private VLAN Isolated Trunks

An isolated trunk port can carry traffic for multiple isolated private VLANs. Traffic for a community VLAN
is not carried by isolated trunk ports. Traffic on isolated trunk ports is received and transmitted with an isolated
VLAN tag. Isolated trunk ports are intended to be connected to host servers.
To support isolated private VLAN ports on a Cisco Nexus 2000 Series Fabric Extender, the Cisco Nexus 5000
Series switch must prevent communication between the isolated ports on the Fabric Extender; all forwarding
occurs through the Cisco Nexus 5000 Series switch.
For unicast traffic, it is simple to prevent such communication without any side effects.
For multicast traffic, the Fabric Extender provides replication of the frames. To prevent communication
between isolated private VLAN ports on the Fabric Extender, the Cisco Nexus 5000 Series switch prevents
multicast frames from being sent back through the fabric ports. This restriction prevents communication
between an isolated VLAN and a promiscuous port on the Fabric Extender. However, because Fabric Extender
host interfaces are not intended to be connected to another switch or router, you cannot enable a
promiscuous port on a Fabric Extender.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide