Table of Contents
Advertisement
•
A community VLAN can only contain ports configured as host.
•
Isolated VLAN — a type of secondary VLAN in a primary VLAN:
•
Ports in an isolated VLAN cannot talk directly to each other.
•
Ports in an isolated VLAN can only communicate with promiscuous ports in the primary VLAN.
•
An isolated VLAN can only contain ports configured as host.
•
Primary VLAN — the base VLAN of a PVLAN:
•
A switch can have one or more primary VLANs, and it can have none.
•
A primary VLAN has one or more secondary VLANs.
•
A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in
the switch.
•
A primary VLAN has one or more promiscuous ports.
•
A primary VLAN might have one or more trunk ports, or none.
•
Secondary VLAN — a subdomain of the primary VLAN.
•
There are two types of secondary VLAN — community VLAN and isolated VLAN.
PVLAN port types include:
•
Host port — in the context of a private VLAN, is a port in a secondary VLAN. The port must first be
assigned that role in INTERFACE mode.
•
Host port that belongs to a community VLAN is allowed to communicate with other ports in the
same community VLAN and with promiscuous ports & Trunk Port in Same PVLAN
•
Host port can be part of either community VLAN or isolated VLAN. The bhavior of host port will
change with respect to its presence in community and isolated VLAN.
•
Host port that belongs to an isolated VLAN can communicate with promiscuous ports & Trunk port
that are in the same PVLAN
•
Promiscuous port — a port that is allowed to communicate with any other port type in the PVLAN. A
promiscuous port can be part of more than one primary VLAN. A promiscuous port cannot be added to
a regular VLAN.
•
Trunk port — carries traffic between switches. A trunk port in a PVLAN is always tagged. In tagged
mode, the trunk port carries the primary or secondary VLAN traffic. The tag on the packet helps identify
the VLAN to which the packet belongs. A trunk port can also belong to a regular VLAN (non-private
VLAN).
Each of the port types can be any type of physical Ethernet port, including port channels (LAGs). For more
information about port channels, refer to
For an introduction to VLANs, refer to
Using the Private VLAN Commands
To use the PVLAN feature, use the following commands.
•
Enable/disable Layer 3 communication between secondary VLANs.
INTERFACE VLAN mode
[no] ip local-proxy-arp
Port Channel Interfaces
Layer
2.
in the
Interfaces
chapter.
Private VLANs (PVLAN)
896
Advertisement
Table of Contents
Troubleshooting
