44-4
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 44 Configuring Private VLANs
About Private VLANs
Isolated Port An isolated port is a host port that belongs to an isolated
secondary VLAN. It has complete Layer 2 separation from
other ports within the same PVLAN, except for the
promiscuous ports. PVLANs block all traffic to isolated
ports except traffic from promiscuous ports. Traffic received
from an isolated port is forwarded only to promiscuous
ports.
Isolated VLAN Isolated VLAN —A PVLAN has only one isolated VLAN.
An isolated VLAN is a secondary VLAN that carries
unidirectional traffic upstream from the hosts toward the
promiscuous ports and the gateway.
Primary VLAN Primary VLAN—A PVLAN has only one primary VLAN.
Every port in a PVLAN is a member of the primary VLAN.
The primary VLAN carries unidirectional traffic
downstream from the promiscuous ports to the (isolated and
community) host ports and to other promiscuous ports.
PVLAN Trunk Port A PVLAN trunk port can carry multiple secondary (isolated
only) and non-PVLANs. Packets are received and
transmitted with secondary or regular VLAN tags on the
PVLAN trunk ports.
Note Only IEEE 802.1q encapsulation is supported.
Promiscuous Port A promiscuous port belongs to the primary VLAN and can
communicate with all interfaces, including the community
and isolated host ports and PVLAN trunk ports that belong
to the secondary VLANs associated with the primary
VLAN.
Promiscuous Trunk Port A promiscuous trunk port can carry multiple primary and
normal VLANs. Packets are received and transmitted with
primary or regular VLAN tags. Other than that, the port
behaves just like a promiscuous access port.
Note Only IEEE 802.1q encapsulation is supported.
Twoway-Community Ports A twoway-community port is a host port that belongs to a
twoway-community secondary VLAN. Ports within a
twoway-community VLAN can communicate with each
other but not with ports in other communities or
twoway-communities at the Layer 2 level.
These interfaces are isolated at Layer 2 from all other
interfaces in other twoway communities and from isolated
ports within their PVLAN.
Twoway-Community VLANs A bidirectional VLAN. Ports within a 2-way community
VLAN can communicate with each other but cannot
communicate with ports in other 2-way communities at the
Layer 2 level.
Term Definition
To Next Page
Loading...
Need help?
General
