Configuring Private VLANs

Private VLANs in Networks

PromiscuousA promiscuous port belongs to the primary VLAN and can communicate with all interfaces, including the community and isolated host ports that belong to the secondary VLANs associated with the primary VLAN.

IsolatedAn isolated port is a host port that belongs to an isolated secondary VLAN. It has complete Layer 2 separation from other ports within the same private VLAN, except for the promiscuous ports. Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports.

CommunityA community port is a host port that belongs to a community secondary VLAN. Community ports communicate with other ports in the same community VLAN and with promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other communities and from isolated ports within their private VLAN.

Note Trunk ports carry traffic from regular VLANs and also from primary, isolated, and community VLANs.

Primary and secondary VLANs have these characteristics:

Primary VLANA private VLAN has only one primary VLAN. Every port in a private VLAN is a member of the primary VLAN. The primary VLAN carries unidirectional traffic downstream from the promiscuous ports to the (isolated and community) host ports and to other promiscuous ports.

Isolated VLAN A private VLAN has only one isolated VLAN. An isolated VLAN is a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports and the gateway.

Community VLANA community VLAN is a secondary VLAN that carries upstream traffic from the community ports to the promiscuous port gateways and to other host ports in the same community. You can configure multiple community VLANs in a private VLAN.

A promiscuous port can serve only one primary VLAN, one isolated VLAN, and multiple community VLANs. Layer 3 gateways are typically connected to the switch through a promiscuous port. With a promiscuous port, you can connect a wide range of devices as access points to a private VLAN. For example, you can use a promiscuous port to monitor or back up all the private VLAN servers from an administration workstation.

Related Topics

Configuring a Layer 2 Interface as a Private VLAN Host Port, on page 96

Example: Configuring an Interface as a Host Port, on page 102

Configuring a Layer 2 Interface as a Private VLAN Promiscuous Port, on page 98

Example: Configuring an Interface as a Private VLAN Promiscuous Port, on page 103

Private VLANs in Networks

In a switched environment, you can assign an individual private VLAN and associated IP subnet to each individual or common group of end stations. The end stations need to communicate only with a default gateway to communicate outside the private VLAN.

You can use private VLANs to control access to end stations in these ways:

Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1

OL-29440-01

89

Page 102 Page 104
Page 103
Image 103
Cisco Systems WSC2960XR48FPSI manual Private VLANs in Networks
Page 102 Page 104

WSC2960XR48FPSI specifications

The Cisco WSC2960XR48FPSI is an advanced, high-performance switch that plays a vital role in today's enterprise networking environments. Designed for reliability and efficiency, it serves as a foundational component for organizations concentrating on network agility and scalability.

One of the standout features of the WSC2960XR48FPSI is its ability to support 48 Gigabit Ethernet ports, facilitating high-speed connectivity across multiple devices. This capacity makes it an ideal choice for enterprises that require robust network infrastructure to handle large volumes of traffic effortlessly. Additionally, it includes two 10-Gigabyte SFP+ uplink ports, providing enhanced bandwidth for backbone connections, enabling seamless integration with data center environments.

The switch supports Cisco's StackPower technology, which allows multiple switches to share power resources. This capability not only provides redundancy but also ensures that organizational networks can be efficiently managed, reducing operational costs by utilizing power resources wisely.

In terms of reliability, the WSC2960XR48FPSI offers a fanless design, making it an optimal choice for deployments in noise-sensitive environments such as classrooms or offices. Its features include support for Cisco's FlexStack-Plus technology, which allows for easy stacking of up to eight units. This results in simplified management and increased bandwidth as switches in the stack operate as a single entity.

The switch is powered by Cisco IOS Software, providing robust features, including advanced security protocols, quality of service (QoS) capabilities, and comprehensive network management tools. With support for multicast routing and enhanced security, organizations can safeguard their data while ensuring smooth and reliable communication across applications.

Moreover, the Cisco WSC2960XR48FPSI is designed to be energy-efficient, compliant with IEEE 802.3az Energy Efficient Ethernet standards, which aids in reducing power consumption without sacrificing performance. This commitment to sustainability makes it a favorable option for organizations striving for greener operations.

To summarize, the Cisco WSC2960XR48FPSI is an exemplary model of reliability, scalability, and performance. Its sophisticated features, including high port density, advanced security measures, and energy efficiency, make it a cornerstone for modern enterprise networks, enabling organizations to adapt effectively in an ever-evolving digital landscape.
Top Page Image Contents