47-7
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 47 Configuring Private VLANs
About Private VLANs
Traffic in the upstream direction is sent by host1 to the non-PVLAN switch, arriving in VLAN 11. The
packets are then transmitted to the switch tagged with that VLAN’s tag (VLAN 11) over the trunk port.
On the switch, VLAN 11 is configured as the isolated VLAN, and the traffic is forwarded as if it came
from an isolated host port.
Note
When an isolated trunk is used in this way, Catalyst 4500 series switch provides isolation between the
isolated trunk and directly connected hosts (such as host3) but not between hosts connected to the
non-PVLAN switch (such as host1 and host2). The non-PVLAN switch must provide isolation between
these hosts, using a feature such as protected ports on a Catalyst 2950.
For details on protected ports, see the URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/configur
ation/guide/swtrafc.html#wp1158863
Promiscuous PVLAN Trunk Ports
PVLAN promiscuous trunks are used in situations where one would normally use a PVLAN
promiscuous host port but where it is necessary to carry multiple VLANs, either normal VLANs or for
multiple PVLAN domains. This makes it useful for connecting an upstream router that does not support
PVLANs, such as a Cisco 7200.
Figure 47-4
Promiscuous PVLAN Trunk Ports
, a Catalyst 4500 series switch connects a PVLAN domain to an upstream router that does
not support PVLANs. Traffic being sent upstream by host1 arrives on the switch in the community
VLAN (VLAN 12). When this traffic is bridged onto the promiscuous PVLAN trunk towards the router,
it is tagged with the primary VLAN (VLAN 10). This way it can be routed using the correct subinterface
configured on the router.
Traffic in the downstream direction is received on the promiscuous PVLAN trunk port by the switch in
the primary VLAN (VLAN 10), just as if it had been received on a promiscuous host port. It can then be
bridged to the destination host as in any PVLAN domain.
PVLAN promiscuous trunks interact with VLAN QoS. Refer to the section
C
a
t
a
ly
s
t
7200 ro
u
ter
C
a
t
a
ly
s
t
4500
s
witch
Prim
a
ry VLAN
= VLAN10
I
s
ol
a
ted VLAN
= VLAN11
Comm
u
nity VLAN = VLAN12
I
s
ol
a
ted
port, VLAN11
Comm
u
nity
port, VLAN12
204201
Summary of Contents for Catalyst 4500 Series
Page 2: ......
Page 4: ......
Page 2086: ...Index IN 46 Software Configuration Guide Release IOS XE 3 9 0E and IOS 15 2 5 E ...