BigIron RX Series Configuration Guide
307
53-1001810-01
Private VLANs
11
•
Secondary – The secondary private VLAN are secure VLANs that are separated from the rest
of the network by the primary private VLAN. Every secondary private VLAN needs to be
associated with a primary private VLAN. There are 2 different types of secondary private VLANs
- 'community' and 'isolated' private VLANs:
•
Isolated – Broadcasts and unknown unicasts received on isolated ports are sent only to
the primary port. They are not flooded to other ports in the isolated VLAN.
•
Community – Broadcasts and unknown unicasts received on community ports are sent to
the primary port and also are flooded to the other ports in the community VLAN.
Each private VLAN must have a primary VLAN. The primary VLAN is the interface between the
secured ports and the rest of the network. The private VLAN can have any combination of
community and isolated VLANs. (Refer to
“Configuration rules”
on page 308.)
Table 64
list the differences between private VLANs and standard VLANs.
Implementation notes
•
The private VLAN implementation in the current release uses the CPU for forwarding packets
on the primary VLAN’s “promiscuous” port. Other forwarding is performed in the hardware.
Support for the hardware forwarding in this feature sometimes results in multiple MAC address
entries for the same MAC address in the device’s MAC address table. In this case, each of the
entries is associated with a different VLAN. The multiple entries are a normal aspect of the
implementation of this feature and do not indicate a software problem.
•
By default, the primary VLAN does not forward broadcast or unknown unicast packets into the
private VLAN. You also can use MAC address filters to control traffic forwarded into and out of
the private VLAN. If you are implementing the private VLAN on a Layer 2 Switch, you also can
use ACLs to control the traffic into and out of the private VLAN.
Configuration notes
•
When Private VLAN mappings are enabled, the device forwards unknown unicast, unknown
multicast, and broadcast packets in software. By default, the device forwards unknown
unicast, unknown multicast, and broadcast packets in hardware.
•
Release 02.4.00 supports private VLANs on untagged ports only. You cannot configure
isolated, community, or primary VLANs on 802.1Q tagged ports.
TABLE 64
Comparison of private VLANs and standard port-based VLANs
Forwarding behavior
Private VLANs
Standard VLANs
All ports within a VLAN constitute a
common Layer broadcast domain
No
Yes
Broadcasts and unknown unicasts
are forwarded to all the VLAN’s ports
by default
No (isolated VLAN)
Yes (community VLAN)
Yes
Known unicasts
Yes
Yes
Summary of Contents for Brocade DCX
Page 40: ...xl BigIron RX Series Configuration Guide 53 1001810 01 ...
Page 72: ...lxxii BigIron RX Series Configuration Guide 53 1001810 01 ...
Page 88: ...16 BigIron RX Series Configuration Guide 53 1001810 01 Searching and filtering output 1 ...
Page 300: ...228 BigIron RX Series Configuration Guide 53 1001810 01 Displaying IP information 7 ...
Page 318: ...246 BigIron RX Series Configuration Guide 53 1001810 01 Deploying a LAG 8 ...
Page 418: ...346 BigIron RX Series Configuration Guide 53 1001810 01 SuperSpan 12 ...
Page 482: ...410 BigIron RX Series Configuration Guide 53 1001810 01 MRP CLI example 14 ...
Page 506: ...434 BigIron RX Series Configuration Guide 53 1001810 01 Displaying VSRP information 15 ...
Page 582: ...510 BigIron RX Series Configuration Guide 53 1001810 01 Viewing Layer 2 ACLs 20 ...
Page 634: ...562 BigIron RX Series Configuration Guide 53 1001810 01 Troubleshooting ACLs 21 ...
Page 642: ...570 BigIron RX Series Configuration Guide 53 1001810 01 Trunk formation 22 ...
Page 746: ...674 BigIron RX Series Configuration Guide 53 1001810 01 Displaying RIP filters 24 ...
Page 808: ...736 BigIron RX Series Configuration Guide 53 1001810 01 Displaying OSPF information 25 ...
Page 938: ...866 BigIron RX Series Configuration Guide 53 1001810 01 Displaying MBGP information 27 ...
Page 950: ...878 BigIron RX Series Configuration Guide 53 1001810 01 Using secure copy 28 ...
Page 988: ...916 BigIron RX Series Configuration Guide 53 1001810 01 Clearing IS IS information 29 ...
Page 1054: ...982 BigIron RX Series Configuration Guide 53 1001810 01 Sample 802 1x configurations 33 ...
Page 1108: ...1036 BigIron RX Series Configuration Guide 53 1001810 01 sFlow 39 ...
Page 1190: ...1118 BigIron RX Series Configuration Guide 53 1001810 01 Displaying RIPng information 44 ...
Page 1270: ...1198 BigIron RX Series Configuration Guide 53 1001810 01 Displaying ACLs 47 ...
Page 1310: ...1238 BigIron RX Series Configuration Guide 53 1001810 01 Displaying OSPFv3 information 48 ...
Page 1382: ...1310 BigIron RX Series Configuration Guide 53 1001810 01 Commands That Require a Reload D ...
Page 1435: ...BigIron RX Series Configuration Guide 1363 53 1001810 01 VSRP E ...
Page 1436: ...1364 BigIron RX Series Configuration Guide 53 1001810 01 VSRP E ...