562 Configuring VLANs
Promiscuous Ports
An endpoint connected to a promiscuous port is allowed to communicate
with any endpoint within the private VLAN. Multiple promiscuous ports can
be defined for a single private VLAN domain.
In the configuration shown in Figure 22-3, the port connected from SW1 to
R1 (TE1/1/1) is configured as a promiscuous port. It is possible to configure a
port-channel as a promiscuous port in order to provide a level of redundancy
on the private VLAN uplink.
Isolated Ports
An endpoint connected to an isolated port is allowed to communicate with
endpoints connected to promiscuous ports only. Endpoints connected to
adjacent isolated ports cannot communicate with each other.
Community Ports
An endpoint connected to a community port is allowed to communicate with
the endpoints within a community and can also communicate with any
configured promiscuous port. The endpoints that belong to one community
cannot communicate with endpoints that belong to a different community, or
with endpoints connected to isolated ports.
Private VLAN Operation in the Switch Stack and Inter-switch Environment
The Private VLAN feature is supported in a stacked switch environment. The
stack links are transparent to the configured VLANs; thus, there is no need for
special private VLAN configuration beyond what would be configured for a
single switch. Any private VLAN port can reside on any stack member.
To enable private VLAN operation across multiple switches that are not
stacked, trunk ports must be configured between the switches to transport
the private VLANs. The trunk ports must be configured with the
promiscuous, isolated, and community VLANs. Trunk ports must also be
configured on all devices separating the switches.
In regular VLANs, ports in the same VLAN switch traffic at L2. However, for a
private VLAN, the promiscuous port forwards received traffic to secondary
ports in the VLAN (isolated and community). Community ports forward
To Next Page
Loading...
