Manuals / Cisco Systems / Computer Equipment / Switch

Cisco Systems N3KC3048TP1GE, N3KC3064TFAL3 manual Associating Primary and Secondary VLANs

Models: N3KC3064TFAL3 N3KC3048TP1GE

1 164

Download 164 pages 5.98 Kb

Page 54

Associating Primary and Secondary VLANs

Configuring Private VLANs

Primary, Isolated, and Community Private VLANs

The following figure shows the traffic flows within a PVLAN, along with the types of VLANs and types of ports.

Figure 4: Private VLAN Traffic Flows

Note The PVLAN traffic flows are unidirectional from the host ports to the promiscuous ports. Traffic received on primary VLAN enforces no separation and forwarding is done as in a normal VLAN.

A promiscuous access port can serve only one primary VLAN and multiple secondary VLANs (community and isolated VLANs). With a promiscuous port, you can connect a wide range of devices as access points to a PVLAN. For example, you can use a promiscuous port to monitor or back up all the PVLAN servers from an administration workstation.

In a switched environment, you can assign an individual PVLAN and associated IP subnet to each individual or common group of end stations. The end stations need to communicate only with a default gateway to communicate outside the private VLAN.

Associating Primary and Secondary VLANs

To allow host ports in secondary VLANs to communicate outside the PVLAN, you associate secondary VLANs to the primary VLAN. If the association is not operational, the host ports (community and isolated ports) in the secondary VLAN are brought down.

Note You can associate a secondary VLAN with only one primary VLAN.

	Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)
40	OL-26590-01

Image 54

Cisco Systems N3KC3048TP1GE, N3KC3064TFAL3 manual Associating Primary and Secondary VLANs

Contents

Cisco Systems, Inc Americas HeadquartersFirst Published February 29 Last Modified March 22 170 West Tasman Drive San Jose, CACisco Systems, Inc. All rights reserved Audience Document Conventions Obtaining Documentation and Submitting a Service RequestC O N T E N T S Related Documentation for Nexus 3000 Series NX-OS SoftwareAbout the Debounce Timer Parameters Default CDP ConfigurationAbout the Error-Disabled State About MTU ConfigurationVerifying VLAN Configuration Configuring a VLAN as a Management SVIConfiguring VTP Configuring a Private VLANVerifying Interface Configuration Configuring Access and Trunk InterfacesConfiguring Trunk Ports Enabling Store-and-Forward Switching Reenabling Cut-Through SwitchingConfiguring Rapid PVST+ Enabling Rapid PVST+ Protocol Timers Port Roles Port StatesForwarding State Disabled State Summary of Port States Enabling Rapid PVST+ per VLAN Configuring the Root Bridge IDEntering MST Configuration Mode Specifying the MST Name MST Overview MST Regions MST BPDUs MST Configuration InformationConfiguring MST MST Configuration Guidelines Enabling MST Specifying the MST Configuration Revision NumberSTP Extensions Configuration Guidelines Verifying MST ConfigurationsConfiguring STP Extensions Configuring Spanning Tree Port Types GloballyVerifying IGMP Snooping Configuration Verifying the MAC Address ConfigurationConfiguring IGMP Snooping Parameters Configuring Traffic Storm ControlAudience Obtaining Documentation and Submitting a Service Request, pagePreface Document ConventionsDescription Related Documentation for Nexus 3000 Series NX-OS SoftwareConvention ConventionError and System Messages Installation and Upgrade GuidesConfiguration Guides Release NotesObtaining Documentation and Submitting a Service Request C H A P T E R FeatureNew and Changed Information for this Release New and Changed Information for this Release, pageNew and Changed Information for this Release New and Changed Information for this ReleaseOL-26590-01 Overview Layer 2 Ethernet Switching OverviewLayer 2 Ethernet Switching Overview, page VLANs, page VLANsPrivate VLANs Spanning TreeSTP Overview Rapid PVST+ STP ExtensionsOverview STP Extensions OL-26590-01Configuring Ethernet Interfaces, page Configuring Ethernet InterfacesAbout the Interface Command Default Physical Ethernet Settings , pageAbout the Unidirectional Link Detection Parameter Default UDLD Configuration UDLD Aggressive and Nonaggressive ModesFeature About Interface Speed About the Error-Disabled StateDefault CDP Configuration About the Cisco Discovery ProtocolAbout MTU Configuration Configuring Ethernet InterfacesAbout the Debounce Timer Parameters About Port ProfilesCommand or Action Configuring the UDLD ModeProcedure switch# configure terminalrunning-config startup-config Changing an Interface Port Moderunning-config bootflash profile portmode portmodeCommand or Action Configuring Interface SpeedProcedure switch# configure terminalCommand or Action Disabling Link NegotiationProcedure Command or Actiondevice-id mac-address Configuring the CDP Characteristicsadvertise v1 serial-number system-nameCommand or Action Enabling or Disabling CDPProcedure Command or Actionerrdisable detect cause all link-flap Enabling the Error-Disabled Detectionconfig t show interface status err-disabledEnters configuration mode Enabling the Error-Disabled RecoveryConfiguring the Error-Disabled Recovery Interval Procedureerrdisable recovery interval interval Configuring the Debounce TimerConfiguring the Description Parameter Step 3 show interface status err-disabledProcedure Displaying Interface InformationDisabling and Restarting Ethernet Interfaces Command or Actionswitch# show interface type slot / port capabilities Commandswitch# show interface type slot / port switch# show interface type slot / port transceiverDisplaying Input Packet Discard Information Default Physical Ethernet Settings Default SettingParameter Configuring Ethernet Interfaces Default Physical Ethernet Settings OL-26590-01Configuring Ethernet Interfaces Default Physical Ethernet Settings OL-26590-01Information About VLANs Configuring VLANsInformation About VLANs, page Configuring a VLAN, page Understanding VLANsVLAN Ranges Range Creating, Deleting, and Modifying VLANsVLANs Numbers UsageCreating and Deleting a VLAN Configuring a VLANAbout the VLAN Trunking Protocol Guidelines and Limitations for VTPCommand or Action Configuring a VLANProcedure switch# configure terminalactive suspend switchconfig# interface ethernetAdding Ports to a VLAN Procedureconfigure terminal Configuring a VLAN as a Routed SVIswitchconfig-if# switchport access vlan Enters global configuration modeCreates a VLAN interface SVI and configures the Configuring a VLAN as a Management SVIConfiguring VTP Copies the running configuration to the startupcopy running-config vtp passwordshow vtp password startup-configswitch# show vlan brief id vlanid vlanrange name name Verifying VLAN Configurationswitch# show running-config vlan vlanid vlanrange summaryVerifying the Private VLAN Configuration, page Configuring Private VLANsConfiguring a Private VLAN, page Information About Private VLANsPrimary and Secondary VLANs in Private VLANs Private VLAN PortsPrimary, Isolated, and Community Private VLANs Associating Primary and Secondary VLANs Broadcast Traffic in Private VLANs Private VLAN Promiscuous TrunksPrivate VLAN Isolated Trunks Private VLAN Port IsolationGuidelines and Limitations for Private VLANs Configuring a Private VLANswitchconfig# feature private-vlan Enabling Private VLANscommunity isolated primary Configuring a VLAN as a Private VLANAssociating Secondary VLANs with a Primary Private VLAN ProcedureCommand or Action associationProcedure switch# configure terminalswitchconfig-if# switchport private-vlan Configuring an Interface as a Private VLAN Host PortConfiguring an Interface as a Private VLAN Promiscuous Port private-vlan hostConfiguring the Allowed VLANs for PVLAN Trunking Ports Configuring a Promiscuous Trunk PortConfiguring an Isolated Trunk Port private-vlan promiscuousswitch# show feature Verifying the Private VLAN ConfigurationConfiguring Native 802.1Q VLANs on Private VLANs switch# show interface switchportConfiguring Private VLANs Verifying the Private VLAN Configuration OL-26590-01Understanding Access and Trunk Interfaces Configuring Access and Trunk InterfacesInformation About Access and Trunk Interfaces Information About Access and Trunk Interfaces, pageUnderstanding IEEE 802.1Q Encapsulation Figure 5 Devices in a Trunking EnvironmentUnderstanding Access VLANs Figure 6 Header without and with 802.1Q Tag IncludedUnderstanding the Native VLAN ID for Trunk Ports Understanding Allowed VLANsUnderstanding Native 802.1Q VLANs mode access trunk Configuring Access and Trunk InterfacesConfiguring a LAN Interface as an Ethernet Access Port VLAN, use the switchport access vlan commandProcedure Configuring Access Host PortsConfiguring Trunk Ports Procedurespecified trunk, use the switchport trunk allowed vlan Configuring the Native VLAN for 802.1Q Trunking PortsConfiguring the Allowed VLANs for Trunking Ports port-channel numberallowed vlan vlan-list all none add except none remove vlan-list Configuring Native 802.1Q VLANsStep 1 switch# configure terminal Procedureswitch# show vlan dot1q tag native Verifying Interface Configurationswitchconfig# no vlan dot1q tag switch# show interfaceConfiguring Access and Trunk Interfaces Verifying Interface ConfigurationOL-26590-01 Information About Switching Modes, page Configuring Switching ModesInformation About Switching Modes Guidelines and Limitations for Switching Modes, pageCut-Through Switching Mode Guidelines and Limitations Guidelines and Limitations for Switching ModesLicensing Requirements for Switching Modes Store-and-Forward Switching Mode Guidelines and LimitationsEnabling Store-and-Forward Switching Default Settings for Switching ModesConfiguring Switching Modes Reenabling Cut-Through SwitchingReleases Feature History for Switching ModesFeature Name InformationVerifying Rapid PVST+ Configurations, page Configuring Rapid PVST+Information About Rapid PVST+, page Configuring Rapid PVST+, page Information About Rapid PVST+Understanding How a Topology is Created Understanding the Bridge IDBridge Priority Value Bridge Priority Value Extended System IDSTP MAC Address Allocation 8192Understanding BPDUs Election of the Root Bridge Creating the Spanning Tree TopologyFigure 8 Spanning Tree Topology Understanding Rapid PVST+ Rapid PVST+ OverviewRapid PVST+ BPDUs Proposal and Agreement Handshake Figure 10 Proposal and Agreement Handshaking for Rapid ConvergenceVariable Protocol TimersPort Roles DescriptionPort States Rapid PVST+ Port State OverviewBlocking State Learning StateForwarding State Summary of Port States Disabled StateSynchronization of Port Roles Operational StatusProcessing Superior BPDU Information Processing Inferior BPDU Information Spanning-Tree Dispute MechanismPort Cost BandwidthPort Priority Rapid PVST+ and IEEE 802.1Q TrunksRapid PVST+ Interoperation with Legacy 802.1D STP BandwidthConfiguring Rapid PVST+ Rapid PVST+ Interoperation with 802.1s MSTEnabling Rapid PVST+ Enabling Rapid PVST+ per VLAN mode rapid-pvstswitch# configure terminalConfiguring the Root Bridge ID Command or ActionPurpose Command or Action Configuring a Secondary Root BridgeProcedure Step 1 switch# configure terminalProcedure Configuring the Rapid PVST+ Port Priorityvlan vlan-list port-priority priority Procedurepathcost method long short Configuring the Rapid PVST+ Pathcost Method and Port CostConfiguring the Rapid PVST+ Bridge Priority of a VLAN vlan vlan-id cost value autoProcedure Configuring the Rapid PVST+ Hello Time for a VLANswitchconfig# spanning-tree vlan ProcedureSpecifying the Link Type Configuring the Rapid PVST+ Forward Delay Time for a VLANConfiguring the Rapid PVST+ Maximum Age Time for a VLAN Procedureswitch# show running-config spanning-tree all Verifying Rapid PVST+ Configurationsswitch# clear spanning-tree detected-protocol Restarting the ProtocolConfiguring Rapid PVST+ Verifying Rapid PVST+ Configurations switch# show spanning-tree optionsCommand switch# show spanning-tree briefConfiguring Rapid PVST+ Verifying Rapid PVST+ Configurations OL-26590-01Verifying MST Configurations, page Configuring Multiple Spanning TreeInformation About MST, page Configuring MST, page Information About MSTMST Regions MST BPDUsFigure 14 MST BPDU with M-Records for MSTIs MST Configuration Information IST, CIST, and CSTIST, CIST, and CST Overview Spanning Tree Operation Within an MST Region Spanning Tree Operations Between MST RegionsMST Terminology Figure 15 MST Regions, CIST Regional Roots, and CST RootHop Count Boundary PortsSpanning-Tree Dispute Mechanism Figure 16 MST Boundary PortsFigure 17 Detecting a Unidirectional Link Failure Port Cost and Port Priority Interoperability with IEEE 802.1DInteroperability with Rapid PVST+ Understanding PVST Simulation Configuring MSTMST Configuration Guidelines Enabling MSTswitchconfig# no spanning-tree mode mst Entering MST Configuration Modeswitchconfig# spanning-tree mode mst mst configurationspanning-tree mst switchconfig# spanning-tree mstSpecifying the MST Name ProcedureProcedure Specifying the MST Configuration Revision NumberSpecifying the Configuration on an MST Region ProcedurePurpose Command or ActionWhen you map VLANs to an MST instance, the mapping is StepCommand or Action Mapping and Unmapping VLANs to MST InstancesProcedure switch# configure terminalmst instance-id root primary Configuring the Root Bridgesynchronize ProcedureConfiguring a Secondary Root Bridge Step 3 switchconfig# no spanning-tree mst instance-id rootsecondary diameter dia hello-time hello-time ProcedureCommand or Action Configuring the Port PriorityProcedure Command or ActionProcedure Configuring the Port CostConfiguring the Switch Priority Command or ActionProcedure Configuring the Hello Timehello-time seconds ProcedureProcedure Configuring the Forwarding-Delay TimeConfiguring the Maximum-Aging Time Proceduremst max-age seconds Configuring the Maximum-Hop CountConfiguring PVST Simulation Globally max-hops hop-countspanning-tree mst simulate pvst global command Configuring PVST Simulation Per Portsimulate pvst disable mst simulate pvst globalStep 1 switch# configure terminal ProcedureCommand or Action Specifying the Link Typeswitch# show spanning-tree mst options Verifying MST Configurationsswitch# show running-config spanning-tree all ProcedureInformation About STP Extensions Configuring STP ExtensionsAbout STP Extensions Understanding STP Port TypesSpanning Tree Network Ports Understanding Bridge AssuranceUnderstanding BPDU Guard Spanning Tree Normal PortsBPDU Filtering Global ConfigurationUnderstanding BPDU Filtering STP Edge PortConfiguration Understanding Loop GuardUnderstanding Root Guard ConfigurationConfiguring Spanning Tree Port Types Globally Configuring STP ExtensionsSTP Extensions Configuration Guidelines Before You Beginport type network default Configuring Spanning Tree Edge Ports on Specified Interfacesport type edge default ProcedureProcedure Configuring Spanning Tree Network Ports on Specified Interfacesport type edge Command or ActionProcedure Enabling BPDU Guard Globallyport type network Command or Actionbpduguard enable disable switchconfig# spanning-tree port typeedge bpduguard default spanning-tree port type edge bpduguard default commandProcedure edge bpdufilter defaultEnabling BPDU Filtering Globally Command or Actionbpdufilter bpdufilter enable disableEnabling BPDU Filtering on Specified Interfaces ProcedureEnabling Loop Guard or Root Guard on Specified Interfaces loopguard defaultEnabling Loop Guard Globally ProcedureProcedure Verifying STP Extension Configurationguard loop root none Command or ActionConfiguring STP Extensions Verifying STP Extension Configuration OL-26590-01Configuring Global LLDP Commands, page Configuring LLDPConfiguring Global LLDP Commands Configuring Interface LLDP Commands, pageCommand or Action holdtime reinit timerProcedure Step 1 switch# configure terminalProcedure Configuring Interface LLDP Commandstransmit Command or ActionConfiguring LLDP Configuring Interface LLDP Commands This example shows how to display LLDP timer informationThis example shows how to display LLDP counters switch# show lldp timers LLDP TimersConfiguring a Static MAC Address Configuring the MAC Address TableConfiguring MAC Addresses Information About MAC Addresses, page Configuring MAC Addresses, pageProcedure Configuring the Aging Time for the MAC Tableswitchconfig-# no mac-address-table static Procedureswitch# show mac-address-table aging-time Verifying the MAC Address Configurationswitchconfig# clear mac-address-table dynamic defined in the switchConfiguring the MAC Address Table This example shows how to display the MAC address tableThis example shows how to display the current aging time Verifying the MAC Address ConfigurationVerifying IGMP Snooping Configuration, page Configuring IGMP SnoopingConfiguring IGMP Snooping Parameters, page Information About IGMP SnoopingIGMPv1 and IGMPv2 Figure 18 IGMP Snooping SwitchIGMPv3 IGMP Snooping QuerierIGMP Forwarding Configuring IGMP Snooping Parameters ParameterDescription snooping no ip igmp snooping mrouter vpc-peer-linkno ip igmp snooping mrouter Procedurelast-member-query-interval snooping explicit-trackingsnooping fast-leave snooping querier IP-addressswitch# show ip igmp snooping groups vlan vlan-id detail Verifying IGMP Snooping Configurationswitch# show ip igmp snooping vlan vlan-id switch# show ip igmp snooping querier vlan vlan-idConfiguring IGMP Snooping Verifying IGMP Snooping Configuration OL-26590-01Traffic Storm Control Example Configuration, page Configuring Traffic Storm ControlConfiguring Traffic Storm Control, page Default Traffic Storm Settings, pageTraffic Storm Guidelines and Limitations Figure 19 Broadcast Suppressionmulticast unicast level percentage . fraction Configuring Traffic Storm Controlswitchconfig-if# storm-control broadcast ProcedureVerifying Traffic Storm Control Configuration Traffic Storm Control Example ConfigurationDefault Traffic Storm Settings switch# show running-config interfaceI N D E Page Page adding ports to