Cisco 350 Series Administration Manual page 284

12
NOTE
228
Features Not Supported on Private VLAN Port Modes
The following features are not supported on private VLAN port modes:
• GVRP
• Voice VLAN OUI auto detection
• 802.1x port guest VLAN
• 802.1x port Dynamic VLAN Assignment
• Multicast TV VLAN.
Note the following clarifications:
• Port Security—MAC entries in the VLAN FDB table are flushed when the port is
unlocked.
• Port membership in a private VLAN is equivalent to port membership in 802.1Q
VLANs with regard to feature interaction limitations, for example:
- Port must not be added to a LAG/LACP.
- Port must not be configured as port monitor destination.
Required Resources
Since a private VLAN is composed of multiple 802.1Q VLANs, the system requires additional
resources for every secondary VLAN in a private VLAN. The resources for the following
features are allocated per VLAN within the private VLAN.
• Dynamic MAC Addresses—MAC addresses learned on primary VLANs are copied
to all community VLANs and to the isolated VLAN. MAC addresses learned on
isolated/community VLANs are copied to the primary VLAN.
• DHCP Snooping—A TCAM rule is required to trap DHCP traffic.
• ARP Inspection—A TCAM rule is required to trap ARP traffic.
• IP Source Guard—A TCAM rule is required to forward/drop IP traffic.
• First Hop Security—A TCAM rule is required to trap IPv6 traffic (when IPv6 source
guard is enabled).
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
VLAN Management