Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)
Send feedback to nx5000-docfeedback@cisco.com
7-2
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
Chapter 7 Configuring Private VLANs
About Private VLANs
Figure 7-1 Private VLAN Domain
Note You must first create the VLAN before you can convert it to a private VLAN, either primary or
secondary. See Chapter 6, “Configuring VLANs” for information on creating VLANs.
This section includes the following topics:
• Primary and Secondary VLANs in Private VLANs, page 7-2
• Understanding Private VLAN Ports, page 7-3
• Understanding Broadcast Traffic in Private VLANs, page 7-5
• Understanding Private VLAN Port Isolation, page 7-5
Primary and Secondary VLANs in Private VLANs
A private VLAN domain has only one primary VLAN. Each port in a private VLAN domain is a member
of the primary VLAN; the primary VLAN is the entire private VLAN domain.
Secondary VLANs provide isolation between ports within the same private VLAN domain. The
following two types are secondary VLANs within a primary VLAN:
• Isolated VLANs—Ports within an isolated VLAN cannot communicate directly with each other at
the Layer 2 level.
• Community VLANs—Ports within a community VLAN can communicate with each other but
cannot communicate with ports in other community VLANs or in any isolated VLANs at the Layer
2 level.
116083
Private
VLAN
domain
Private
VLAN
domain
Primary
VLAN
SubdomainSubdomain
Secondary
community VLAN
Secondary
isolated VLAN
SubdomainSubdomain
Secondary
community VLAN
Secondary
isolated VLAN