Users Guide
VLANs 779
Table 21-4. Forwarding Rules for Traffic in Isolated VLAN
Limitations and Recommendations
• Only a single isolated VLAN can be associated with a primary VLAN.
Multiple community VLANs can be associated with a primary VLAN.
• Trunk and general modes are not supported on private VLAN ports.
• Do not configure access ports using the VLANs participating in any of the
private VLANs.
• Multiple primary VLANs may be configured. Each primary VLAN must be
unique and each defines a separate private VLAN domain. The operator
must take care to use only the secondary VLANs associated with the
primary VLAN of a domain.
• Private VLANs cannot be enabled on a preconfigured interface. The
interface must physically exist in the switch.
• Secondary (community and isolated) VLANS are associated to the same
multiple spanning tree instance as the primary VLAN.
• GVRP/MVRP cannot be enabled after the private VLAN is configured.
The administrator will need to disable both before configuring the private
VLAN.
• DHCP snooping can be configured on the primary VLAN. If it is enabled
for a secondary VLAN, the configuration does not take effect if a primary
VLAN is already configured.
• If IP source guard is enabled on private VLAN ports, then DHCP snooping
must be enabled on the primary VLAN.
• Do not configure private VLAN ports on interfaces configured for Voice
VLAN.
To
From promiscuous community 1 community 2 isolated stack (trunk)
promiscuous N/A N/A N/A N/A N/A
community 1 N/A N/A N/A N/A N/A
community 2 N/A N/A N/A N/A N/A
isolated allow deny deny deny allow
stack (trunk) allow deny deny deny Allow