15-5
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 15 Configuring Private VLANs
Understanding How Private VLANs Work
Private VLANs Across Multiple Routers
As with regular VLANs, private VLANs can span multiple routers. A trunk port carries the primary
VLAN and secondary VLANs to a neighboring router. The trunk port deals with the private VLAN as
any other VLAN. A feature of private VLANs across multiple routers is that traffic from an isolated port
in router A does not reach an isolated port on Router B. (See
Figure 15-2
.)
Figure 15-2
Private VLANs Across Routers
Because VTP does not support private VLANs, you must manually configure private VLANs on all
routers in the Layer 2 network. If you do not configure the primary and secondary VLAN association in
some routers in the network, the Layer 2 databases in these routers are not merged. This situation can
result in unnecessary flooding of private VLAN traffic on those routers.
Private VLAN Interaction with Other Features
These sections describe how private VLANs interact with some other features:
•
Private VLANs and Unicast, Broadcast, and Multicast Traffic, page 15-6
•
Private VLANs and SVIs, page 15-6
See also the
“Private VLAN Configuration Guidelines and Restrictions” section on page 15-6
.
116084
VLAN 100
VLAN 201
VLAN 202
Switch B
VLAN 100
VLAN 100 = Primary VLAN
VLAN 201 = Secondary isolated VLAN
VLAN 202 = Secondary community VLAN
VLAN 201
Carries VLAN 100,
201, and 202 traffic
Trunk ports
VLAN 202
Switch A