Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
Chapter 7 Configuring Private VLANs
Configuring a Private VLAN
Note
Use the show command to verify that the association is operational. The switch does not display an error message when the association is nonoperational. (See the “Verifying Private VLAN Configuration” section on page 7-10 for information on configuration verification.)
If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become inactive. Use the no private-vlan command to return the VLAN to the normal mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain in private VLAN mode. When you convert the VLAN back to private VLAN mode, the original associations are reinstated.
If you enter the no vlan command for the primary VLAN, all private VLAN associations with that VLAN are lost. However, if you enter the no vlan command for a secondary VLAN, the private VLAN associations with that VLAN are suspended and return when you recreate the specified VLAN and configure it as the previous secondary VLAN.
In order to change the association between a secondary and primary VLAN, you must first remove the current association and then add the desired association.
Understanding Broadcast Traffic in Private VLANs
Broadcast traffic from ports in a private VLAN flows in the following ways:
• The broadcast traffic flows from a promiscuous port to all ports in the primary VLAN (which includes all the ports in the community and isolated VLANs). This broadcast traffic is distributed to all ports within the primary VLAN, including those ports that are not configured with private VLAN parameters.
• The broadcast traffic from an isolated port is distributed only to those promiscuous ports in the primary VLAN that are associated to that isolated port.
• The broadcast traffic from community ports is distributed to all ports within the port’s community and to all promiscuous ports that are associated to the community port. The broadcast packets are not distributed to any other communities within the primary VLAN, or to any isolated ports.
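The three broadcast rules above, modeled as an added example that is not part of the Cisco guide. The Port class, its mapped field (standing in for "associated to"), the function names, and the sample topology are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    role: str            # "promiscuous", "isolated", "community" or "plain"
    primary: int         # primary VLAN ID
    secondary: int = 0   # secondary VLAN ID (isolated and community ports)
    mapped: frozenset = frozenset()  # assumption: secondary VLANs tied to a promiscuous port

def broadcast_receivers(src, ports):
    """Names of the ports that receive a broadcast sent by src, per the three rules."""
    peers = [p for p in ports if p.primary == src.primary and p.name != src.name]
    if src.role == "promiscuous":
        out = peers  # Rule 1: all ports in the primary VLAN, PVLAN-configured or not
    elif src.role == "isolated":
        # Rule 2: only promiscuous ports associated with the isolated port.
        out = [p for p in peers
               if p.role == "promiscuous" and src.secondary in p.mapped]
    elif src.role == "community":
        # Rule 3: the same community plus its associated promiscuous ports.
        out = [p for p in peers
               if (p.role == "community" and p.secondary == src.secondary)
               or (p.role == "promiscuous" and src.secondary in p.mapped)]
    else:
        raise ValueError("the rules do not cover a %s source port" % src.role)
    return sorted(p.name for p in out)

def hosts_without_promiscuous(ports):
    """Isolated/community ports whose broadcasts reach no promiscuous port."""
    roles = {p.name: p.role for p in ports}
    return sorted(p.name for p in ports
                  if p.role in ("isolated", "community")
                  and not any(roles[n] == "promiscuous"
                              for n in broadcast_receivers(p, ports)))

# Constructed sample: primary 100, isolated 101, communities 102 and 103.
PORTS = [
    Port("gw", "promiscuous", 100, mapped=frozenset({101, 102})),
    Port("srv1", "isolated", 100, 101),
    Port("srv2", "isolated", 100, 101),
    Port("app1", "community", 100, 102),
    Port("app2", "community", 100, 102),
    Port("db1", "community", 100, 103),   # VLAN 103 is not tied to gw
    Port("mgmt", "plain", 100),           # no private VLAN parameters
]

if __name__ == "__main__":
    print({p.name: broadcast_receivers(p, PORTS) for p in PORTS if p.role != "plain"})
    print("no promiscuous port reachable:", hosts_without_promiscuous(PORTS))
```

In the sample, db1 is flagged because its community VLAN is not tied to any promiscuous port, so its broadcasts (ARP requests for the gateway included) reach no promiscuous port.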
Understanding Private VLAN Port Isolation
You can use private VLANs to control access to end stations as follows:
• Configure selected interfaces connected to end stations as isolated ports to prevent any communication. For example, if the end stations are servers, this configuration prevents communication between the servers.
• Configure interfaces connected to default gateways and selected end stations (for example, backup servers) as promiscuous ports to allow all end stations access to a default gateway.
Configuring a Private VLAN
Note
You must have already created the VLAN before you can assign the specified VLAN as a private VLAN.
This section includes the following topics: