Cisco Systems N3KC3064TFAL3 manual Private VLAN Promiscuous Trunks, Private VLAN Isolated Trunks

Configuring Private VLANs

Private VLAN Promiscuous Trunks

For an association to be operational, the following conditions must be met:

•The primary VLAN must exist and be configured as a primary VLAN.

•The secondary VLAN must exist and be configured as either an isolated or community VLAN.

Note Use the show vlan private-vlancommand to verify that the association is operational. The switch does not display an error message when the association is nonoperational.

If you delete either the primary or secondary VLAN, the ports that are associated with the VLAN become inactive. Use the no private-vlancommand to return the VLAN to the normal mode. All primary and secondary associations on that VLAN are suspended, but the interfaces remain in PVLAN mode. When you convert the VLAN back to PVLAN mode, the original associations are reinstated.

If you enter the no vlan command for the primary VLAN, all PVLAN associations with that VLAN are deleted. However, if you enter the no vlan command for a secondary VLAN, the PVLAN associations with that VLAN are suspended and are restored when you recreate the specified VLAN and configure it as the previous secondary VLAN.

In order to change the association between a secondary and primary VLAN, you must first remove the current association and then add the desired association.

Private VLAN Promiscuous Trunks

The Cisco Nexus 3000 Series device does not support Private VLAN trunk ports.

Private VLAN Isolated Trunks

The Cisco Nexus 3000 Series device does not support Private VLAN trunk ports.

Broadcast Traffic in Private VLANs

Broadcast traffic from ports in a private VLAN flows in the following ways:

•The broadcast traffic flows from a promiscuous port to all ports in the primary VLAN (which includes all the ports in the community and isolated VLANs). This broadcast traffic is distributed to all ports within the primary VLAN, including those ports that are not configured with private VLAN parameters.

•The broadcast traffic from an isolated port is distributed only to those promiscuous ports in the primary VLAN that are associated to that isolated port.

•The broadcast traffic from community ports is distributed to all ports within the port’s community and to all promiscuous ports that are associated to the community port. The broadcast packets are not distributed to any other communities within the primary VLAN or to any isolated ports.

Private VLAN Port Isolation

You can use PVLANs to control access to end stations as follows:

Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)