Private VLANs and Unicast, Broadcast, and Multicast Traffic; Private VLANs and SVIs; Configuring Private VLANs - Cisco ME 3400 Software Configuration Manual

Ethernet access switch

Chapter 12

Configuring Private VLANs

Private VLANs and Unicast, Broadcast, and Multicast Traffic

In regular VLANs, devices in the same VLAN can communicate with each other at the Layer 2 level, but
devices connected to interfaces in different VLANs must communicate at the Layer 3 level. In private
VLANs, the promiscuous ports are members of the primary VLAN, while the host ports belong to
secondary VLANs. Because the secondary VLAN is associated with the primary VLAN, members of
these VLANs can communicate with each other at the Layer 2 level.
In a regular VLAN, broadcasts are forwarded to all ports in that VLAN. Private-VLAN broadcast
forwarding depends on the port sending the broadcast:
- An isolated port sends a broadcast only to the promiscuous ports or trunk ports.
- A community port sends a broadcast to all promiscuous ports, trunk ports, and ports in the same
  community VLAN.
- A promiscuous port (only NNI) sends a broadcast to all ports in the private VLAN (other
  promiscuous ports, trunk ports, isolated ports, and community ports).
Multicast traffic is routed or bridged across private-VLAN boundaries and within a single community
VLAN. Multicast traffic is not forwarded between ports in the same isolated VLAN or between ports in
different secondary VLANs.

Private VLANs and SVIs

In a Layer 3 switch (a switch running the metro IP access image), a switch virtual interface (SVI)
represents the Layer 3 interface of a VLAN. Layer 3 devices communicate with a private VLAN only
through the primary VLAN and not through secondary VLANs. Configure Layer 3 VLAN interfaces
only for primary VLANs. You cannot configure Layer 3 VLAN interfaces for secondary VLANs. SVIs
for secondary VLANs are inactive while the VLAN is configured as a secondary VLAN.
- If you try to configure a VLAN with an active SVI as a secondary VLAN, the configuration is not
  allowed until you disable the SVI.
- If you try to create an SVI on a VLAN that is configured as a secondary VLAN and the secondary
  VLAN is already mapped at Layer 3, the SVI is not created, and an error is returned. If the SVI is
  not mapped at Layer 3, the SVI is created, but it is automatically shut down.
When the primary VLAN is associated with and mapped to the secondary VLAN, any configuration on
the primary VLAN is propagated to the secondary VLAN SVIs. For example, if you assign an IP subnet
to the primary VLAN SVI, this subnet is the IP subnet address of the entire private VLAN.

Configuring Private VLANs

- Tasks for Configuring Private VLANs
- Default Private-VLAN Configuration
- Private-VLAN Configuration Guidelines
- Configuring and Associating VLANs in a Private VLAN
- Configuring a Layer 2 Interface as a Private-VLAN Host Port
- Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port
- Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface

Cisco ME 3400 Ethernet Access Switch Software Configuration Guide, OL-9639-07
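
The broadcast forwarding rules given above for isolated, community, and promiscuous ports can be modelled to check a planned port layout against a separation policy before it is deployed. The following Python is an added example, not part of the Cisco guide; the port names, VLAN IDs, and policy pairs are constructed, and only the three sender roles the page describes are modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    role: str           # "promiscuous", "trunk", "isolated" or "community"
    secondary: int = 0  # secondary VLAN ID of a host port (0 = not a host port)

# Constructed sample: isolated VLAN 501, community VLANs 502 and 503.
PORTS = [
    Port("Gi0/1", "promiscuous"), Port("Gi0/2", "trunk"),
    Port("Fa0/1", "isolated", 501), Port("Fa0/2", "isolated", 501),
    Port("Fa0/3", "community", 502), Port("Fa0/4", "community", 502),
    Port("Fa0/5", "community", 503),
]

def broadcast_recipients(sender, ports):
    """Return the names of the ports that receive a broadcast from `sender`."""
    if sender.role not in ("promiscuous", "isolated", "community"):
        raise ValueError(f"no broadcast rule modelled for role {sender.role!r}")
    out = set()
    for p in ports:
        if p == sender:
            continue
        if sender.role == "promiscuous":
            out.add(p.name)  # reaches every port in the private VLAN
        elif p.role in ("promiscuous", "trunk"):
            out.add(p.name)  # host ports always reach promiscuous and trunk ports
        elif (sender.role == p.role == "community"
              and sender.secondary == p.secondary):
            out.add(p.name)  # same community VLAN
    return out

def isolation_violations(ports, must_not_hear):
    """Return the (sender, receiver) name pairs from `must_not_hear` that the
    port layout fails to separate at the broadcast level."""
    by_name = {p.name: p for p in ports}
    return [(s, r) for s, r in must_not_hear
            if r in broadcast_recipients(by_name[s], ports)]

if __name__ == "__main__":
    for port in PORTS:
        if port.role != "trunk":
            print(port.name, port.role, sorted(broadcast_recipients(port, PORTS)))
    # Constructed policy: these customer ports must not hear each other.
    print(isolation_violations(PORTS, [("Fa0/1", "Fa0/2"), ("Fa0/3", "Fa0/4"),
                                       ("Fa0/3", "Fa0/5")]))
```

In the sample layout the only reported pair is Fa0/3 and Fa0/4, because both sit in community VLAN 502; moving one of them to the isolated VLAN or to its own community VLAN clears the finding.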
