Users Guide
For VLT VLANs, the association between primary VLAN and secondary VLANs is examined on both the peers. Only if the association is
identical on both the peers, VLTi is congured as a member of those VLANs. This behavior is because of security functionalities in a
PVLAN. For example, if a VLAN is a primary VLT VLAN on one peer and not a primary VLT VLAN on the other peer, VLTi is not made a part
of that VLAN.
MAC Synchronization for VLT Nodes in a PVLAN
For the MAC addresses that are learned on non-VLT ports, MAC address synchronization is performed with the other peer if the VLTi (ICL)
link is part of the same VLAN as the non-VLT port. For MAC addresses that are learned on VLT ports, the VLT LAG mode of operation and
the primary to secondary association of the VLT nodes is determined on both the VLT peers. MAC synchronization is performed for the
VLT LAGs only if the VLT LAG and primary-secondary VLT peer mapping are symmetrical.
The PVLAN mode of VLT LAGs on one peer is validated against the PVLAN mode of VLT LAGs on the other peer. MAC addresses that are
learned on that VLT LAG are synchronized between the peers only if the PVLAN mode on both the peers is identical. For example, if the
MAC address is learned on a VLT LAG and the VLAN is a primary VLT VLAN on one peer and not a primary VLT VLAN on the other peer,
MAC synchronization does not occur.
Whenever a change occurs in the VLAN mode of one of the peers, this modication is synchronized with the other peers. Depending on
the validation mechanism that is initiated for MAC synchronization of VLT peers, MAC addresses learned on a particular VLAN are either
synchronized with the other peers, or MAC addresses synchronized from the other peers on the same VLAN are deleted. This method of
processing occurs when the PVLAN mode of VLT LAGs is modied.
Because the VLTi link is only a member of symmetric VLT PVLANs, MAC synchronization takes place directly based on the membership of
the VLTi link in a VLAN and the VLT LAG mode.
PVLAN Operations When One VLT Peer is Down
When a VLT port moves to the Admin or Operationally Down state on only one of the VLT nodes, the VLT Lag is still considered to be up. All
the PVLAN MAC entries that correspond to the operationally down VLT LAG are maintained as synchronized entries in the device. These
MAC entries are removed when the peer VLT LAG also becomes inactive or a change in PVLAN conguration occurs.
PVLAN Operations When a VLT Peer is Restarted
When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back online, a
verication is performed with the newly received PVLAN conguration from the peer. If any dierences are identied, the VLTi link is either
added or removed from the VLAN. When the peer node restarts and returns online, all the PVLAN congurations are exchanged across the
peers. Based on the information received from the peer, a bulk synchronization of MAC addresses that belong to spanned PVLANs is
performed.
During the booting phase or when the ICL link attempts to come up, a system logging message is recorded if VLT PVLAN mismatches,
PVLAN mode mismatches, PVLAN association mismatches, or PVLAN port mode mismatches occur. Also, you can view these
discrepancies if any occur by using the show vlt mismatch command.
Interoperation of VLT Nodes in a PVLAN with ARP Requests
When an ARP request is received, and the following conditions are applicable, the IP stack performs certain operations.
• The VLAN on which the ARP request is received is a secondary VLAN (community or isolated VLAN).
• Layer 3 communication between secondary VLANs in a private VLAN is enabled by using the ip local-proxy-arp command in
INTERFACE VLAN conguration mode.
• The ARP request is not received on the ICL
870
Virtual Link Trunking (VLT)