VLAN Management
Overview
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
• Voice VLAN OUI auto detection
• 802.1x port guest VLAN
• 802.1x port Dynamic VLAN Assignment
• Multicast TV VLAN.
NOTE Note the following clarifications:
• Port Security—MAC entries in the VLAN FDB table are flushed when the port is unlocked.
• Port membership in a private VLAN is equivalent to port membership in 802.1Q VLANs with regard to feature interaction limitations, for example:
  - Port must not be added to a LAG/LACP.
  - Port must not be configured as port monitor destination.
Required Resources
Since a private VLAN is composed of multiple 802.1Q VLANs, the system requires additional
resources for every secondary VLAN in a private VLAN. The resources for the following
features are allocated per VLAN within the private VLAN.
• Dynamic MAC Addresses—MAC addresses learned on primary VLANs are copied to all community VLANs and to the isolated VLAN. MAC addresses learned on isolated/community VLANs are copied to the primary VLAN.
• DHCP Snooping—A TCAM rule is required to trap DHCP traffic.
• ARP Inspection—A TCAM rule is required to trap ARP traffic.
• IP Source Guard—A TCAM rule is required to forward/drop IP traffic.
• First Hop Security—A TCAM rule is required to trap IPv6 traffic (when IPv6 source guard is enabled).
Configuration Guidelines
Note the following feature configuration guidelines:
• MSTP—All VLANs in a private VLAN must be assigned to the same MSTP instance.
• IP Source Guard—Binding an ACL on IP source guard ports with private VLAN is not recommended due to the amount of TCAM resources needed.
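The port limitations and configuration guidelines above can be checked against a switch inventory before a private VLAN change is rolled out. The following is an added example, not part of the Cisco guide or the switch software; the inventory layout, function name and sample values are all hypothetical, and unmapped VLANs are assumed to fall into MSTP instance 0.

```python
# Added example: audit a private VLAN against the guidelines in this section.
# The inventory layout and every name below are hypothetical, not a Cisco API.

def audit_private_vlan(pvlan, mstp_instance, ports):
    """Return (severity, subject, message) findings for one private VLAN.

    pvlan:         {"primary": int, "isolated": int or None, "community": [int]}
    mstp_instance: {vlan_id: instance_id}; unmapped VLANs are assumed to be 0
    ports:         {name: {"vlans": set, "lag": bool, "monitor_dest": bool,
                           "ip_source_guard": bool, "acl": str or None}}
    """
    findings = []
    vlans = {pvlan["primary"], *pvlan["community"]}
    if pvlan.get("isolated") is not None:
        vlans.add(pvlan["isolated"])

    # MSTP guideline: all VLANs of the private VLAN share one MSTP instance.
    instances = {mstp_instance.get(v, 0) for v in vlans}
    if len(instances) > 1:
        findings.append(("error", "mstp",
                         f"VLANs {sorted(vlans)} span instances {sorted(instances)}"))

    for name, port in sorted(ports.items()):
        if not port["vlans"] & vlans:
            continue  # port is not a member of this private VLAN
        if port.get("lag"):
            findings.append(("error", name, "member port is in a LAG/LACP"))
        if port.get("monitor_dest"):
            findings.append(("error", name, "member port is a port monitor destination"))
        # Not recommended because of the TCAM resources it needs.
        if port.get("ip_source_guard") and port.get("acl"):
            findings.append(("warning", name, "ACL bound on IP source guard port"))
    return findings


# Constructed sample inventory (not taken from a real switch).
SAMPLE_PVLAN = {"primary": 100, "isolated": 101, "community": [102, 103]}
SAMPLE_MSTP = {100: 1, 101: 1, 102: 2}  # VLAN 103 is unmapped
SAMPLE_PORTS = {
    "gi1": {"vlans": {100}, "lag": True},
    "gi2": {"vlans": {102}, "ip_source_guard": True, "acl": "ACL-USERS"},
    "gi3": {"vlans": {200}, "lag": True},  # outside the private VLAN
    "gi4": {"vlans": {101}, "monitor_dest": True},
}

if __name__ == "__main__":
    for severity, subject, message in audit_private_vlan(
            SAMPLE_PVLAN, SAMPLE_MSTP, SAMPLE_PORTS):
        print(f"{severity:7} {subject:5} {message}")
```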