Cisco Systems OL-25712-04 Private VLANs

Guidelines for VLAN IDs

Youcannot create VLANs with IDs from 3968 to 4047. This range of VLAN IDs is reserved.

VLANsin the LAN cloud and FCoEVLANs in the SAN cloudmust have different IDs. Using the same

IDfor aVLAN and an FCoE VLAN in a VSAN results in a critical fault and traffic disruption for all

vNICsand uplink ports using that VLAN. Ethernet traffic is dropped on any VLAN which has an ID that

overlapswith an FCoEVLAN ID.

Important

VLAN4048 is user-configurable. However, Cisco UCS Manager uses VLAN 4048 for the following default

values.If you want to assign 4048 to a VLAN, you must reconfigure these values:

• After an upgrade to Cisco UCS, release 2.0: The FCoE storage port native VLAN uses VLAN 4048 by

default.If the default FCoE VSAN wasset to use VLAN 1 beforethe upgrade, you must change it to a

VLANID that is not used or reserved. For example, consider changing the default to 4049 if that VLAN

IDis not in use.

• After a fresh install of Cisco UCS, release 2.0: The FCoE VLAN for the default VSAN uses VLAN

4048by default.The FCoE storage port native VLAN uses VLAN 4049.

TheVLAN name is casesensitive.

Private VLANs

Aprivate VLAN (PVLAN) partitions the Ethernet broadcast domain of a VLAN into subdomains and allows

youto isolate some ports. Each subdomain in a PVLAN includes a primary VLAN and one or more secondary

VLANs.All secondary VLANs in a PVLAN must share the same primary VLAN. The secondary VLAN ID

differentiatesone subdomain from another.

Isolated VLANs

Allsecondary VLANs in aCisco UCS domainmust be isolated VLANs. Cisco UCS doesnot support

communityVLANs.

Ports on Isolated VLANs

Communicationson an isolated VLAN can only use the associated port in the primary VLAN. These ports

areisolated ports and are not configurable in Cisco UCS Manager. If the primary VLAN includes multiple

secondaryVLANs, those isolated VLANs cannot communicate directly with each other.

Anisolated port is a host port that belongs to an isolated secondary VLAN. This port has complete isolation

fromother ports within the same private VLAN domain. PVLANs block all traffic to isolated ports except

trafficfrom promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports.

Youcan have more than one isolated port in a specified isolated VLAN. Each port is completely isolated from

allother portsin the isolatedVLAN.

Guidelines for Uplink Ports

Whenyou createPVLANs, be awareof the followingguidelines:

• The uplink Ethernet port channel cannot be in promiscuous mode.

• Each primary VLAN can have only one isolated VLAN.

Cisco UCS Manager GUI Configuration Guide, Release 2.0

278 OL-25712-04

Private VLANs