Administrator Guide
tagged to any one of the primary or secondary VLANs of a PVLAN, then both the primary and secondary VLANs are considered as
VLT VLANs.
If you add an ICL or VLTi link as a member of a primary VLAN, the ICL becomes a part of the primary VLAN and its associated
secondary VLANs, similar to the behavior for normal trunk ports. VLAN parity is not validated if you associate an ICL to a PVLAN.
Similarly, if you dissociate an ICL from a PVLAN, although the PVLAN parity exists, ICL is removed from that PVLAN.
Association of VLTi as a Member of a PVLAN
If a VLAN is congured as a non-VLT VLAN on both the peers, the VLTi link is made a member of that VLAN if the VLTi link is
congured as a PVLAN or normal VLAN on both the peers. If a PVLAN is congured as a VLT VLAN on one peer and a non-VLT
VLAN on another peer, the VLTi is added as a member of that VLAN by verifying the PVLAN parity on both the peers. In such a
case, if a PVLAN is present as a VLT PVLAN on at least one of the peers, then symmetric conguration of the PVLAN is validated to
cause the VLTi to be a member of that VLAN. Whenever a change in the VLAN mode on one of the peers occurs, the information is
synchronized with the other peer and VLTi is either added or removed from the VLAN based on the validation of the VLAN parity.
For VLT VLANs, the association between primary VLAN and secondary VLANs is examined on both the peers. Only if the association
is identical on both the peers, VLTi is congured as a member of those VLANs. This behavior is because of security functionalities in
a PVLAN. For example, if a VLAN is a primary VLT VLAN on one peer and not a primary VLT VLAN on the other peer, VLTi is not
made a part of that VLAN.
MAC Synchronization for VLT Nodes in a PVLAN
For the MAC addresses that are learned on non-VLT ports, MAC address synchronization is performed with the other peer if the
VLTi (ICL) link is part of the same VLAN as the non-VLT port. For MAC addresses that are learned on VLT ports, the VLT LAG mode
of operation and the primary to secondary association of the VLT nodes is determined on both the VLT peers. MAC synchronization
is performed for the VLT LAGs only if the VLT LAG and primary-secondary VLT peer mapping are symmetrical.
The PVLAN mode of VLT LAGs on one peer is validated against the PVLAN mode of VLT LAGs on the other peer. MAC addresses
that are learned on that VLT LAG are synchronized between the peers only if the PVLAN mode on both the peers is identical. For
example, if the MAC address is learned on a VLT LAG and the VLAN is a primary VLT VLAN on one peer and not a primary VLT
VLAN on the other peer, MAC synchronization does not occur.
Whenever a change occurs in the VLAN mode of one of the peers, this modication is synchronized with the other peers. Depending
on the validation mechanism that is initiated for MAC synchronization of VLT peers, MAC addresses learned on a particular VLAN are
either synchronized with the other peers, or MAC addresses synchronized from the other peers on the same VLAN are deleted. This
method of processing occurs when the PVLAN mode of VLT LAGs is modied.
Because the VLTi link is only a member of symmetric VLT PVLANs, MAC synchronization takes place directly based on the
membership of the VLTi link in a VLAN and the VLT LAG mode.
PVLAN Operations When One VLT Peer is Down
When a VLT port moves to the Admin or Operationally Down state on only one of the VLT nodes, the VLT Lag is still considered to be
up. All the PVLAN MAC entries that correspond to the operationally down VLT LAG are maintained as synchronized entries in the
device. These MAC entries are removed when the peer VLT LAG also becomes inactive or a change in PVLAN conguration occurs.
PVLAN Operations When a VLT Peer is Restarted
When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back
online, a verication is performed with the newly received PVLAN conguration from the peer. If any dierences are identied, the
VLTi link is either added or removed from the VLAN. When the peer node restarts and returns online, all the PVLAN congurations
are exchanged across the peers. Based on the information received from the peer, a bulk synchronization of MAC addresses that
belong to spanned PVLANs is performed.
Virtual Link Trunking (VLT)
859