VLAN Management
Overview
Cisco 500 Series Stackable Managed Switch Administration Guide 260
14
• Voice VLAN OUI auto detection
• 802.1x port guest VLAN
• 802.1x port Dynamic VLAN Assignment
• Multicast TV VLAN.
NOTE Note the following clarifications:
• Port Security—MAC entries in the VLAN FDB table are flushed when the
port is unlocked.
• Port membership in a private VLAN is equivalent to port membership in
802.1Q VLANs with regard to feature interaction limitations, for example:
- Port must not be added to a LAG/LACP.
- Port must not be configured as port monitor destination.
Required Resources
Since a private VLAN is composed of multiple 802.1Q VLANs, the system requires
additional resources for every secondary VLAN in a private VLAN. The resources
for the following features are allocated per VLAN within the private VLAN.
• Dynamic MAC Addresses—MAC addresses learned on primary VLANs
are copied to all community VLANs and to the isolated VLAN. MAC
addresses learned on isolated/community VLANs are copied to the primary
VLAN.
• DHCP Snooping—A TCAM rule is required to trap DHCP traffic.
• ARP Inspection—A TCAM rule is required to trap ARP traffic.
• IP Source Guard—A TCAM rule is required to forward/drop IP traffic.
• First Hop Security—A TCAM rule is required to trap IPv6 traffic (when IPv6
source guard is enabled).
Configuration Guidelines
Note the following feature configuration guidelines:
• MSTP—All VLANs in a private VLAN must be assigned to the same MSTP
instance.
• IP Source Guard—Binding an ACL on IP source guard ports with private
VLAN is not recommended due to the amount of TCAM resources needed.
To Next Page
Loading...
