Manuals / Cisco Systems / Computer Equipment / Switch

Cisco Systems N3KC3048TP1GE Primary and Secondary VLANs in Private VLANs, Private VLAN Ports

Models: N3KC3064TFAL3 N3KC3048TP1GE

1 164

Download 164 pages 5.98 Kb

Page 52

Primary and Secondary VLANs in Private VLANs

Configuring Private VLANs

Primary and Secondary VLANs in Private VLANs

the associated promiscuous port in its primary VLAN. Hosts on community VLANs can communicate among themselves and with their associated promiscuous port but not with ports in other community VLANs.

Figure 3: Private VLAN Domain

Note You must first create the VLAN before you can convert it to a PVLAN, either primary or secondary.

Primary and Secondary VLANs in Private VLANs

A private VLAN domain has only one primary VLAN. Each port in a private VLAN domain is a member of the primary VLAN; the primary VLAN is the entire private VLAN domain.

Secondary VLANs provide isolation between ports within the same private VLAN domain. The following two types are secondary VLANs within a primary VLAN:

•Isolated VLANs—Ports within an isolated VLAN cannot communicate directly with each other at the Layer 2 level.

•Community VLANs—Ports within a community VLAN can communicate with each other but cannot communicate with ports in other community VLANs or in any isolated VLANs at the Layer 2 level.

Private VLAN Ports

The three types of PVLAN ports are as follows:

	Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)
38	OL-26590-01

Image 52

Cisco Systems N3KC3048TP1GE, N3KC3064TFAL3 manual Primary and Secondary VLANs in Private VLANs, Private VLAN Ports

Contents

Americas Headquarters First Published February 29 Last Modified March 22Cisco Systems, Inc 170 West Tasman Drive San Jose, CACisco Systems, Inc. All rights reserved Obtaining Documentation and Submitting a Service Request C O N T E N T SAudience Document Conventions Related Documentation for Nexus 3000 Series NX-OS SoftwareDefault CDP Configuration About the Error-Disabled StateAbout the Debounce Timer Parameters About MTU ConfigurationConfiguring a VLAN as a Management SVI Configuring VTPVerifying VLAN Configuration Configuring a Private VLANConfiguring Access and Trunk Interfaces Configuring Trunk PortsVerifying Interface Configuration Enabling Store-and-Forward Switching Reenabling Cut-Through SwitchingProtocol Timers Port Roles Port States Forwarding State Disabled State Summary of Port StatesConfiguring Rapid PVST+ Enabling Rapid PVST+ Enabling Rapid PVST+ per VLAN Configuring the Root Bridge IDMST Overview MST Regions MST BPDUs MST Configuration Information Configuring MST MST Configuration Guidelines Enabling MSTEntering MST Configuration Mode Specifying the MST Name Specifying the MST Configuration Revision NumberVerifying MST Configurations Configuring STP ExtensionsSTP Extensions Configuration Guidelines Configuring Spanning Tree Port Types GloballyVerifying the MAC Address Configuration Configuring IGMP Snooping ParametersVerifying IGMP Snooping Configuration Configuring Traffic Storm ControlObtaining Documentation and Submitting a Service Request, page PrefaceAudience Document ConventionsRelated Documentation for Nexus 3000 Series NX-OS Software ConventionDescription ConventionInstallation and Upgrade Guides Configuration GuidesError and System Messages Release NotesObtaining Documentation and Submitting a Service Request Feature New and Changed Information for this ReleaseC H A P T E R New and Changed Information for this Release, pageNew and Changed Information for this Release New and Changed Information for this ReleaseOL-26590-01 Layer 2 Ethernet Switching Overview Layer 2 Ethernet Switching Overview, page VLANs, pageOverview VLANsSpanning Tree Private VLANsSTP Overview Rapid PVST+ STP ExtensionsOverview STP Extensions OL-26590-01Configuring Ethernet Interfaces About the Interface CommandConfiguring Ethernet Interfaces, page Default Physical Ethernet Settings , pageAbout the Unidirectional Link Detection Parameter UDLD Aggressive and Nonaggressive Modes Default UDLD ConfigurationFeature About the Error-Disabled State Default CDP ConfigurationAbout Interface Speed About the Cisco Discovery ProtocolConfiguring Ethernet Interfaces About the Debounce Timer ParametersAbout MTU Configuration About Port ProfilesConfiguring the UDLD Mode ProcedureCommand or Action switch# configure terminalChanging an Interface Port Mode running-config bootflashrunning-config startup-config profile portmode portmodeConfiguring Interface Speed ProcedureCommand or Action switch# configure terminalDisabling Link Negotiation ProcedureCommand or Action Command or ActionConfiguring the CDP Characteristics advertise v1device-id mac-address serial-number system-nameEnabling or Disabling CDP ProcedureCommand or Action Command or ActionEnabling the Error-Disabled Detection config terrdisable detect cause all link-flap show interface status err-disabledEnabling the Error-Disabled Recovery Configuring the Error-Disabled Recovery IntervalEnters configuration mode ProcedureConfiguring the Debounce Timer Configuring the Description Parametererrdisable recovery interval interval Step 3 show interface status err-disabledDisplaying Interface Information Disabling and Restarting Ethernet InterfacesProcedure Command or ActionCommand switch# show interface type slot / portswitch# show interface type slot / port capabilities switch# show interface type slot / port transceiverDisplaying Input Packet Discard Information Default Setting Default Physical Ethernet SettingsParameter Configuring Ethernet Interfaces Default Physical Ethernet Settings OL-26590-01Configuring Ethernet Interfaces Default Physical Ethernet Settings OL-26590-01Configuring VLANs Information About VLANs, page Configuring a VLAN, pageInformation About VLANs Understanding VLANsVLAN Ranges Creating, Deleting, and Modifying VLANs VLANs NumbersRange UsageConfiguring a VLAN About the VLAN Trunking ProtocolCreating and Deleting a VLAN Guidelines and Limitations for VTPConfiguring a VLAN ProcedureCommand or Action switch# configure terminalswitchconfig# interface ethernet Adding Ports to a VLANactive suspend ProcedureConfiguring a VLAN as a Routed SVI switchconfig-if# switchport access vlanconfigure terminal Enters global configuration modeConfiguring a VLAN as a Management SVI Configuring VTPCreates a VLAN interface SVI and configures the Copies the running configuration to the startupvtp password show vtp passwordcopy running-config startup-configVerifying VLAN Configuration switch# show running-config vlan vlanid vlanrangeswitch# show vlan brief id vlanid vlanrange name name summaryConfiguring Private VLANs Configuring a Private VLAN, pageVerifying the Private VLAN Configuration, page Information About Private VLANsPrimary and Secondary VLANs in Private VLANs Private VLAN PortsPrimary, Isolated, and Community Private VLANs Associating Primary and Secondary VLANs Private VLAN Promiscuous Trunks Private VLAN Isolated TrunksBroadcast Traffic in Private VLANs Private VLAN Port IsolationConfiguring a Private VLAN switchconfig# feature private-vlanGuidelines and Limitations for Private VLANs Enabling Private VLANsConfiguring a VLAN as a Private VLAN Associating Secondary VLANs with a Primary Private VLANcommunity isolated primary Procedureassociation ProcedureCommand or Action switch# configure terminalConfiguring an Interface as a Private VLAN Host Port Configuring an Interface as a Private VLAN Promiscuous Portswitchconfig-if# switchport private-vlan private-vlan hostConfiguring a Promiscuous Trunk Port Configuring an Isolated Trunk PortConfiguring the Allowed VLANs for PVLAN Trunking Ports private-vlan promiscuousVerifying the Private VLAN Configuration Configuring Native 802.1Q VLANs on Private VLANsswitch# show feature switch# show interface switchportConfiguring Private VLANs Verifying the Private VLAN Configuration OL-26590-01Configuring Access and Trunk Interfaces Information About Access and Trunk InterfacesUnderstanding Access and Trunk Interfaces Information About Access and Trunk Interfaces, pageUnderstanding IEEE 802.1Q Encapsulation Figure 5 Devices in a Trunking EnvironmentUnderstanding Access VLANs Figure 6 Header without and with 802.1Q Tag IncludedUnderstanding Allowed VLANs Understanding the Native VLAN ID for Trunk PortsUnderstanding Native 802.1Q VLANs Configuring Access and Trunk Interfaces Configuring a LAN Interface as an Ethernet Access Portmode access trunk VLAN, use the switchport access vlan commandConfiguring Access Host Ports Configuring Trunk PortsProcedure ProcedureConfiguring the Native VLAN for 802.1Q Trunking Ports Configuring the Allowed VLANs for Trunking Portsspecified trunk, use the switchport trunk allowed vlan port-channel numberConfiguring Native 802.1Q VLANs Step 1 switch# configure terminalallowed vlan vlan-list all none add except none remove vlan-list ProcedureVerifying Interface Configuration switchconfig# no vlan dot1q tagswitch# show vlan dot1q tag native switch# show interfaceVerifying Interface Configuration Configuring Access and Trunk InterfacesOL-26590-01 Configuring Switching Modes Information About Switching ModesInformation About Switching Modes, page Guidelines and Limitations for Switching Modes, pageGuidelines and Limitations for Switching Modes Licensing Requirements for Switching ModesCut-Through Switching Mode Guidelines and Limitations Store-and-Forward Switching Mode Guidelines and LimitationsDefault Settings for Switching Modes Configuring Switching ModesEnabling Store-and-Forward Switching Reenabling Cut-Through SwitchingFeature History for Switching Modes Feature NameReleases InformationConfiguring Rapid PVST+ Information About Rapid PVST+, page Configuring Rapid PVST+, pageVerifying Rapid PVST+ Configurations, page Information About Rapid PVST+Understanding the Bridge ID Understanding How a Topology is CreatedBridge Priority Value Extended System ID STP MAC Address AllocationBridge Priority Value 8192Understanding BPDUs Creating the Spanning Tree Topology Election of the Root BridgeFigure 8 Spanning Tree Topology Understanding Rapid PVST+ Rapid PVST+ OverviewRapid PVST+ BPDUs Proposal and Agreement Handshake Figure 10 Proposal and Agreement Handshaking for Rapid ConvergenceProtocol Timers Port RolesVariable DescriptionPort States Rapid PVST+ Port State OverviewLearning State Blocking StateForwarding State Disabled State Synchronization of Port RolesSummary of Port States Operational StatusProcessing Superior BPDU Information Spanning-Tree Dispute Mechanism Port CostProcessing Inferior BPDU Information BandwidthRapid PVST+ and IEEE 802.1Q Trunks Rapid PVST+ Interoperation with Legacy 802.1D STPPort Priority BandwidthRapid PVST+ Interoperation with 802.1s MST Configuring Rapid PVST+Enabling Rapid PVST+ mode rapid-pvst switch# configureEnabling Rapid PVST+ per VLAN terminalCommand or Action Configuring the Root Bridge IDPurpose Configuring a Secondary Root Bridge ProcedureCommand or Action Step 1 switch# configure terminalConfiguring the Rapid PVST+ Port Priority vlan vlan-list port-priority priorityProcedure ProcedureConfiguring the Rapid PVST+ Pathcost Method and Port Cost Configuring the Rapid PVST+ Bridge Priority of a VLANpathcost method long short vlan vlan-id cost value autoConfiguring the Rapid PVST+ Hello Time for a VLAN switchconfig# spanning-tree vlanProcedure ProcedureConfiguring the Rapid PVST+ Forward Delay Time for a VLAN Configuring the Rapid PVST+ Maximum Age Time for a VLANSpecifying the Link Type ProcedureVerifying Rapid PVST+ Configurations switch# clear spanning-tree detected-protocolswitch# show running-config spanning-tree all Restarting the Protocolswitch# show spanning-tree options CommandConfiguring Rapid PVST+ Verifying Rapid PVST+ Configurations switch# show spanning-tree briefConfiguring Rapid PVST+ Verifying Rapid PVST+ Configurations OL-26590-01Configuring Multiple Spanning Tree Information About MST, page Configuring MST, pageVerifying MST Configurations, page Information About MSTMST BPDUs MST RegionsFigure 14 MST BPDU with M-Records for MSTIs IST, CIST, and CST MST Configuration InformationIST, CIST, and CST Overview Spanning Tree Operation Within an MST Region Spanning Tree Operations Between MST RegionsMST Terminology Figure 15 MST Regions, CIST Regional Roots, and CST RootHop Count Boundary PortsFigure 16 MST Boundary Ports Spanning-Tree Dispute MechanismFigure 17 Detecting a Unidirectional Link Failure Port Cost and Port Priority Interoperability with IEEE 802.1DConfiguring MST MST Configuration GuidelinesInteroperability with Rapid PVST+ Understanding PVST Simulation Enabling MSTEntering MST Configuration Mode switchconfig# spanning-tree mode mstswitchconfig# no spanning-tree mode mst mst configurationswitchconfig# spanning-tree mst Specifying the MST Namespanning-tree mst ProcedureSpecifying the MST Configuration Revision Number Specifying the Configuration on an MST RegionProcedure ProcedureCommand or Action When you map VLANs to an MST instance, the mapping isPurpose StepMapping and Unmapping VLANs to MST Instances ProcedureCommand or Action switch# configure terminalConfiguring the Root Bridge synchronizemst instance-id root primary ProcedureStep 3 switchconfig# no spanning-tree mst instance-id root secondary diameter dia hello-time hello-timeConfiguring a Secondary Root Bridge ProcedureConfiguring the Port Priority ProcedureCommand or Action Command or ActionConfiguring the Port Cost Configuring the Switch PriorityProcedure Command or ActionConfiguring the Hello Time hello-time secondsProcedure ProcedureConfiguring the Forwarding-Delay Time Configuring the Maximum-Aging TimeProcedure ProcedureConfiguring the Maximum-Hop Count Configuring PVST Simulation Globallymst max-age seconds max-hops hop-countConfiguring PVST Simulation Per Port simulate pvst disablespanning-tree mst simulate pvst global command mst simulate pvst globalProcedure Command or ActionStep 1 switch# configure terminal Specifying the Link TypeVerifying MST Configurations switch# show running-config spanning-tree allswitch# show spanning-tree mst options ProcedureConfiguring STP Extensions About STP ExtensionsInformation About STP Extensions Understanding STP Port TypesUnderstanding Bridge Assurance Understanding BPDU GuardSpanning Tree Network Ports Spanning Tree Normal PortsConfiguration Understanding BPDU FilteringBPDU Filtering Global STP Edge PortUnderstanding Loop Guard Understanding Root GuardConfiguration ConfigurationConfiguring STP Extensions STP Extensions Configuration GuidelinesConfiguring Spanning Tree Port Types Globally Before You BeginConfiguring Spanning Tree Edge Ports on Specified Interfaces port type edge defaultport type network default ProcedureConfiguring Spanning Tree Network Ports on Specified Interfaces port type edgeProcedure Command or ActionEnabling BPDU Guard Globally port type networkProcedure Command or Actionswitchconfig# spanning-tree port type edge bpduguard defaultbpduguard enable disable spanning-tree port type edge bpduguard default commandedge bpdufilter default Enabling BPDU Filtering GloballyProcedure Command or Actionbpdufilter enable disable Enabling BPDU Filtering on Specified Interfacesbpdufilter Procedureloopguard default Enabling Loop Guard GloballyEnabling Loop Guard or Root Guard on Specified Interfaces ProcedureVerifying STP Extension Configuration guard loop root noneProcedure Command or ActionConfiguring STP Extensions Verifying STP Extension Configuration OL-26590-01Configuring LLDP Configuring Global LLDP CommandsConfiguring Global LLDP Commands, page Configuring Interface LLDP Commands, pageholdtime reinit timer ProcedureCommand or Action Step 1 switch# configure terminalConfiguring Interface LLDP Commands transmitProcedure Command or ActionThis example shows how to display LLDP timer information This example shows how to display LLDP countersConfiguring LLDP Configuring Interface LLDP Commands switch# show lldp timers LLDP TimersConfiguring the MAC Address Table Configuring MAC AddressesConfiguring a Static MAC Address Information About MAC Addresses, page Configuring MAC Addresses, pageConfiguring the Aging Time for the MAC Table switchconfig-# no mac-address-table staticProcedure ProcedureVerifying the MAC Address Configuration switchconfig# clear mac-address-table dynamicswitch# show mac-address-table aging-time defined in the switchThis example shows how to display the MAC address table This example shows how to display the current aging timeConfiguring the MAC Address Table Verifying the MAC Address ConfigurationConfiguring IGMP Snooping Configuring IGMP Snooping Parameters, pageVerifying IGMP Snooping Configuration, page Information About IGMP SnoopingIGMPv1 and IGMPv2 Figure 18 IGMP Snooping SwitchIGMP Snooping Querier IGMPv3IGMP Forwarding Parameter Configuring IGMP Snooping ParametersDescription no ip igmp snooping mrouter vpc-peer-link no ip igmp snooping mroutersnooping Proceduresnooping explicit-tracking snooping fast-leavelast-member-query-interval snooping querier IP-addressVerifying IGMP Snooping Configuration switch# show ip igmp snooping vlan vlan-idswitch# show ip igmp snooping groups vlan vlan-id detail switch# show ip igmp snooping querier vlan vlan-idConfiguring IGMP Snooping Verifying IGMP Snooping Configuration OL-26590-01Configuring Traffic Storm Control Configuring Traffic Storm Control, pageTraffic Storm Control Example Configuration, page Default Traffic Storm Settings, pageTraffic Storm Guidelines and Limitations Figure 19 Broadcast SuppressionConfiguring Traffic Storm Control switchconfig-if# storm-control broadcastmulticast unicast level percentage . fraction ProcedureTraffic Storm Control Example Configuration Default Traffic Storm SettingsVerifying Traffic Storm Control Configuration switch# show running-config interfaceI N D E Page Page adding ports to