Administrator Guide
information, refer to the Release Notes for this release.

| Description | Behavior at Peer Up | Behavior During Run Time | Action to Take |
|---|---|---|---|
| VLT LAG ID is not configured on one VLT peer | A syslog error message is generated. The peer with the VLT configured remains active. | A syslog error message is generated. The peer with the VLT configured remains active. | Verify the VLT LAG ID is configured correctly on both VLT peers. |
| VLT LAG ID mismatch | The VLT port channel is brought down. A syslog error message is generated. | The VLT port channel is brought down. A syslog error message is generated. | Perform a mismatch check after the VLT peer is established. |
| VLT LAG VLAN mismatch | A syslog error message is generated. | A syslog error message is generated. | Verify that the VLAN configuration is same for the VLT lags on both peers. |
Specifying VLT Nodes in a PVLAN
VLT enables redundancy without the implementation of Spanning Tree Protocol (STP), and provides a loop-free network with
optimal bandwidth utilization.
Because the VLT LAG interfaces are terminated on two different nodes, PVLAN configuration of VLT VLANs and VLT LAGs are
symmetrical and identical on both the VLT peers. PVLANs provide Layer 2 isolation between ports within the same VLAN. A PVLAN
partitions a traditional VLAN into sub-domains identified by a primary and secondary VLAN pair. With VLT being a Layer 2
redundancy mechanism, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve
maximum VLT resiliency, you should configure the PVLAN IDs and mappings to be identical on both the VLT peer nodes.
The association of PVLAN with the VLT LAG must also be identical. After the VLT LAG is configured to be a member of either the
primary or secondary PVLAN (which is associated with the primary), ICL becomes an automatic member of that PVLAN on both
switches. This association helps the PVLAN data flow received on one VLT peer for a VLT LAG to be transmitted on that VLT LAG
from the peer.
You can associate either a VLT VLAN or a VLT LAG to a PVLAN. First configure the VLT interconnect (VLTi) or a VLT LAG by using
the peer-link port-channel id-number command or the VLT VLAN by using the
peer-link port-channel id-number peer-down-vlan vlan interface number command and the switchport command. After you specify the
VLTi link and VLT LAGs, you can associate the same port channel or LAG bundle that is a part of a VLT to a PVLAN by using the
interface interface and switchport mode private-vlan commands.
When a VLTi port in trunk mode is a member of symmetric VLT PVLANs, the PVLAN packets are forwarded only if the PVLAN
settings of both the VLT nodes are identical. You can configure the VLTi in trunk mode to be a member of non-VLT PVLANs if the
VLTi is configured on both the peers. MAC address synchronization is performed for VLT PVLANs across peers in a VLT domain.
Keep the following points in mind when you configure VLT nodes in a PVLAN:
• Configure the VLTi link to be in trunk mode. Do not configure the VLTi link to be in access or promiscuous mode.
• You can configure a VLT LAG or port channel to be in trunk, access, or promiscuous port modes when you include the VLT LAG
in a PVLAN. The VLT LAG settings must be the same on both the peers. If you configure a VLT LAG as a trunk port, you can
associate that LAG to be a member of a normal VLAN or a PVLAN. If you configure a VLT LAG to be a promiscuous port, you
can configure that LAG to be a member of PVLAN only. If you configure a VLT LAG to be in access port mode, you can add that
LAG to be a member of the secondary VLAN only.
• ARP entries are synchronized even when a mismatch occurs in the PVLAN mode of a VLT LAG.
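The points above can be checked mechanically before a change is committed to either peer. The following is an added example, not part of the original guide or of Dell's software: the dictionary layout, the function names and the sample values are all constructed for illustration and do not represent switch CLI output.

```python
# Added example: audits two VLT peers against the PVLAN rules in this section.
# The dict layout below is a constructed data model, not Dell CLI output.

def lag_mode_findings(peer_name, lag_id, lag, pvlans):
    """Check one VLT LAG against the port-mode membership rules."""
    secondaries = {s for secs in pvlans.values() for s in secs}
    pvlan_ids = set(pvlans) | secondaries
    vlans = set(lag["vlans"])
    out = []
    # Promiscuous VLT LAG: may be a member of a PVLAN only.
    if lag["mode"] == "promiscuous" and not vlans <= pvlan_ids:
        out.append(f"peer {peer_name} LAG {lag_id}: promiscuous LAG in non-PVLAN VLAN")
    # Access VLT LAG: may be a member of a secondary VLAN only.
    if lag["mode"] == "access" and not vlans <= secondaries:
        out.append(f"peer {peer_name} LAG {lag_id}: access LAG outside secondary VLAN")
    return out

def audit_vlt_pvlan(peer_a, peer_b):
    """Return findings; an empty list means the two peers are consistent."""
    findings = []
    peers = (("A", peer_a), ("B", peer_b))
    # The VLTi link must be in trunk mode, never access or promiscuous.
    for name, peer in peers:
        if peer["vlti_mode"] != "trunk":
            findings.append(f"peer {name}: VLTi mode {peer['vlti_mode']}, expected trunk")
    # PVLAN IDs and primary-to-secondary mappings must be identical.
    if peer_a["pvlans"] != peer_b["pvlans"]:
        findings.append("PVLAN IDs or mappings differ between peers")
    # Each VLT LAG must exist on both peers with the same mode and VLANs.
    for lag_id in sorted(set(peer_a["lags"]) | set(peer_b["lags"])):
        a, b = peer_a["lags"].get(lag_id), peer_b["lags"].get(lag_id)
        if a is None or b is None:
            findings.append(f"LAG {lag_id}: configured on one peer only")
        elif a != b:
            findings.append(f"LAG {lag_id}: mode or VLAN membership differs")
        for name, peer in peers:
            if lag_id in peer["lags"]:
                findings += lag_mode_findings(name, lag_id, peer["lags"][lag_id], peer["pvlans"])
    return findings

# Constructed sample: primary VLAN 100 with secondary VLANs 101 and 102.
PEER_A = {"vlti_mode": "trunk", "pvlans": {100: {101, 102}},
          "lags": {10: {"mode": "promiscuous", "vlans": [100]},
                   20: {"mode": "access", "vlans": [101]}}}
# Constructed drift: VLTi in access mode, secondary 102 missing, LAG 20 as trunk.
PEER_B = {"vlti_mode": "access", "pvlans": {100: {101}},
          "lags": {10: {"mode": "promiscuous", "vlans": [100]},
                   20: {"mode": "trunk", "vlans": [101]}}}
```

Calling audit_vlt_pvlan(PEER_A, PEER_B) reports the VLTi mode, the PVLAN mapping difference and the LAG 20 mismatch; an empty result means the two peers agree on every rule checked.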
Any VLAN that contains at least one VLT port as a member is treated as a VLT VLAN. You can configure a VLT VLAN to be a
primary, secondary, or a normal VLAN. However, the VLT VLAN configuration must be symmetrical across peers. If the VLT LAG is
Virtual Link Trunking (VLT)