810 FastIron Configuration Guide
53-1002494-02
Private VLAN configuration
You can configure a combination of the following types of PVLANs:
• Primary – The primary PVLAN ports are “promiscuous”. They can communicate with all the
isolated PVLAN ports and community PVLAN ports in the isolated and community VLANs that
are mapped to the promiscuous port.
• Isolated – Broadcasts and unknown unicasts received on isolated ports are sent only to the
promiscuous ports and switch-switch ports. They are not flooded to other ports in the
isolated VLAN.
NOTE
On ICX 6430 and ICX 6450 devices, however, a private VLAN acts as a normal VLAN and
floods unknown-destination, broadcast, and multicast traffic to all ports in the VLAN if the
primary VLAN does not have the PVLAN mapping that defines the uplink port for the isolated
VLAN.
• Community – Broadcasts and unknown unicasts received on community ports are sent to the
primary port and also are flooded to the other ports in the community VLAN.
Each PVLAN must have a primary VLAN. The primary VLAN is the interface between the secured
ports and the rest of the network. The PVLAN can have any combination of community and isolated
VLANs.
As with regular VLANs, PVLANs can span multiple switches. The PVLAN is treated like any other
VLAN by the PVLAN-trunk ports. The PVLAN-trunk port is added to both the primary and the
secondary VLANs as a tagged member through the pvlan-trunk command. Figure 91 shows an
example of a PVLAN network across switches:
• Broadcast, unknown unicast or unregistered multicast traffic from the primary VLAN port is
forwarded to all ports in isolated and community VLANs in both the switches.
• Broadcast, unknown unicast or unregistered multicast traffic from an isolated port in switch A
is not forwarded to an isolated port in switch A, nor is it forwarded to an isolated port in
switch B across the PVLAN-trunk port.
• Broadcast, unknown unicast or unregistered multicast traffic from a community port in switch
A is forwarded to a community port in switch B through the PVLAN-trunk port. It is also
forwarded to the promiscuous ports and switch-switch ports of the primary VLAN.
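The forwarding rules above can be checked against a planned port layout before it is deployed. The following Python model is an added example, not part of the FastIron guide: the port names, VLAN IDs, and the normal_vlan_fallback flag are assumptions, and it reports isolated ports whose flooded traffic would reach other access ports, including the ICX 6430/6450 case where the uplink mapping is missing.

```python
# Constructed two-switch topology: port -> (role, VLAN). All names and IDs are made up.
PORTS = {
    "A:1/1/1": ("promiscuous", 7),
    "A:1/1/5": ("isolated", 902),
    "A:1/1/6": ("isolated", 902),
    "A:1/1/9": ("community", 901),
    "B:1/1/5": ("isolated", 902),
    "B:1/1/9": ("community", 901),
    "B:1/1/10": ("community", 903),
}
# Secondary VLANs mapped to each promiscuous port of the primary VLAN.
MAPPING = {"A:1/1/1": {901, 902, 903}}


def flood_targets(src, ports=PORTS, mapping=MAPPING, normal_vlan_fallback=False):
    """Access ports that receive a broadcast or unknown unicast sent from src.

    normal_vlan_fallback (hypothetical flag) models the ICX 6430/6450 note:
    a private VLAN with no uplink mapping floods like a normal VLAN.
    Promiscuous-to-promiscuous delivery is not modelled.
    """
    role, vlan = ports[src]
    others = {p: rv for p, rv in ports.items() if p != src}
    if role == "promiscuous":
        mapped = mapping.get(src, set())
        return {p for p, (r, v) in others.items()
                if r != "promiscuous" and v in mapped}
    uplinks = {p for p, vlans in mapping.items() if vlan in vlans}
    if not uplinks and normal_vlan_fallback:
        return {p for p, (_, v) in others.items() if v == vlan}
    peers = {p for p, (_, v) in others.items()
             if role == "community" and v == vlan}
    return uplinks | peers


def isolation_leaks(ports=PORTS, mapping=MAPPING, normal_vlan_fallback=False):
    """Map each isolated port to the non-promiscuous ports its floods reach."""
    leaks = {}
    for src, (role, _) in ports.items():
        if role != "isolated":
            continue
        reached = flood_targets(src, ports, mapping, normal_vlan_fallback)
        bad = {p for p in reached if ports[p][0] != "promiscuous"}
        if bad:
            leaks[src] = bad
    return leaks
```

An empty result from isolation_leaks means every isolated port floods only toward promiscuous ports; a non-empty result lists the ports that would see traffic they should not.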