Private VLANs
Feature | Product | Release introduced |
---|---|---|
E-Tree and Private VLANs | 5520 Series | VOSS 8.2.5 |
 | VSP 4450 Series | VSP 4000 4.0 |
 | VSP 4900 Series | VOSS 8.1 |
 | VSP 7200 Series | VOSS 4.2.1 |
 | VSP 7400 Series | VOSS 8.0 |
 | VSP 8200 Series | VOSS 4.1 |
 | VSP 8400 Series | VOSS 4.2 |
 | VSP 8600 Series | Not Supported |
 | XA1400 Series | Not Supported |
For configuration details, see VOSS User Guide.
Port Types
Private VLANs provide isolation between ports within a Layer-2 service.
A private VLAN consists of a primary VLAN and a secondary VLAN. Standard VLAN configuration takes place on the primary VLAN. The secondary VLAN is virtual and inherits its configuration from the primary VLAN.
Ports in the private VLAN are configured as isolated, promiscuous, or trunk. The default value is None.
Port type | Description |
---|---|
Promiscuous (tagged or untagged ports) | Promiscuous ports communicate with all other ports within the private VLAN. Uses the primary VLAN. |
Isolated (tagged or untagged ports) | Isolated ports communicate with the promiscuous ports, but not with any other isolated port. Uses the secondary VLAN. |
Trunk (tagged ports) | Trunk ports carry traffic between other port members within the private VLANs. Accepts either primary or secondary VLAN. |
Trunk ports must have VLAN encapsulation enabled. A port may be a single port or may belong to an MLT.
The following figure shows a basic private VLAN topology with private VLAN configured on five switches. All ports connecting to other switches are trunk ports, and all other ports are either promiscuous or isolated ports. Spokes can communicate with hubs on the secondary VLAN, and hubs can communicate with all spokes in the same private VLAN using the primary VLAN, but spokes cannot communicate with other spokes.
E-Tree
The E-Tree allows private VLANs to traverse the Shortest Path Bridging MAC (SPBM) network.
For more information about E-Tree and SPBM configuration, see E-Tree and Private VLAN topology.
Private VLAN Configuration Rules
The following are private VLAN rules for the switch:
Use private VLANs for Layer 2 services only.
Forwarding is based on MAC address lookups.
IP routing and creation of IP interfaces are not supported on private VLANs.
Configuration of IP Source Guard (IPSG) is not supported on ports that are members of private VLANs.
Do not use the untag-port default vlan parameter on private VLAN interfaces that are operating as trunk ports, because it impacts the private VLAN functionality.
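The port-type semantics and configuration rules above can be checked against a port inventory before a change is deployed. The following Python sketch is an added example, not Extreme Networks code and not VOSS CLI output; the inventory format, field names (encapsulation, ipsg, untag_port_default_vlan), and port names are assumptions made for illustration.

```python
PRIMARY, SECONDARY = "primary", "secondary"

def ingress_vlan(port, tag=None):
    """VLAN a frame is classified into on entering `port`."""
    kind = port["type"]
    if kind == "promiscuous":
        return PRIMARY
    if kind == "isolated":
        return SECONDARY
    if kind == "trunk" and tag in (PRIMARY, SECONDARY):
        return tag  # trunk ports accept either VLAN
    raise ValueError(f"{port['name']}: cannot classify frame")

def can_send(src, dst, tag=None):
    """True if a frame entering `src` may leave on `dst`."""
    vlan = ingress_vlan(src, tag)
    if dst["type"] == "isolated":
        # Secondary-VLAN frames come from isolated ports: never spoke to spoke.
        return vlan == PRIMARY
    return dst["type"] in ("promiscuous", "trunk")

def audit(ports, vlan_has_ip_interface=False):
    """Return (name, finding) pairs for violations of the rules above."""
    findings = []
    if vlan_has_ip_interface:
        findings.append(("vlan", "IP interface on a private VLAN"))
    for p in ports:
        if p["type"] == "trunk" and not p.get("encapsulation", False):
            findings.append((p["name"], "trunk port without VLAN encapsulation"))
        if p["type"] == "trunk" and p.get("untag_port_default_vlan", False):
            findings.append((p["name"], "untag-port default vlan set on trunk port"))
        if p.get("ipsg", False):
            findings.append((p["name"], "IPSG enabled on private VLAN member port"))
    return findings

# Constructed sample inventory (hypothetical port names and field names).
PORTS = [
    {"name": "1/1", "type": "promiscuous"},
    {"name": "1/2", "type": "isolated"},
    {"name": "1/3", "type": "isolated", "ipsg": True},
    {"name": "1/10", "type": "trunk", "encapsulation": True},
    {"name": "1/11", "type": "trunk", "encapsulation": False,
     "untag_port_default_vlan": True},
]

if __name__ == "__main__":
    by_name = {p["name"]: p for p in PORTS}
    print(can_send(by_name["1/2"], by_name["1/3"]))
    for name, finding in audit(PORTS):
        print(name, finding)
```

The tag argument only matters when the source is a trunk port: a frame that arrives on a trunk in the secondary VLAN originated at a remote isolated port, so it is still kept off local isolated ports.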