Cisco Systems 3130 User Manual
15-2
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 15 Configuring Private VLANs
Understanding Private VLANs
Figure 15-1
Private-VLAN Domain
There are two types of secondary VLANs:
•
Isolated VLANs—Ports within an isolated VLAN cannot communicate with each other at the
Layer 2 level.
Layer 2 level.
•
Community VLANs—Ports within a community VLAN can communicate with each other but
cannot communicate with ports in other communities at the Layer 2 level.
cannot communicate with ports in other communities at the Layer 2 level.
Private VLANs provide Layer 2 isolation between ports within the same private VLAN. Private-VLAN
ports are access ports that are one of these types:
ports are access ports that are one of these types:
•
Promiscuous—A promiscuous port belongs to the primary VLAN and can communicate with all
interfaces, including the community and isolated host ports that belong to the secondary VLANs
associated with the primary VLAN.
interfaces, including the community and isolated host ports that belong to the secondary VLANs
associated with the primary VLAN.
•
Isolated—An isolated port is a host port that belongs to an isolated secondary VLAN. It has
complete Layer 2 separation from other ports within the same private VLAN, except for the
promiscuous ports. Private VLANs block all traffic to isolated ports except traffic from promiscuous
ports. Traffic received from an isolated port is forwarded only to promiscuous ports.
complete Layer 2 separation from other ports within the same private VLAN, except for the
promiscuous ports. Private VLANs block all traffic to isolated ports except traffic from promiscuous
ports. Traffic received from an isolated port is forwarded only to promiscuous ports.
•
Community—A community port is a host port that belongs to a community secondary VLAN.
Community ports communicate with other ports in the same community VLAN and with
promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other
communities and from isolated ports within their private VLAN.
Community ports communicate with other ports in the same community VLAN and with
promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other
communities and from isolated ports within their private VLAN.
Note
Trunk ports carry traffic from regular VLANs and also from primary, isolated, and community VLANs.
201784
Private
Private
VLAN
VLAN
domain
domain
Private
VLAN
domain
Primary
VLAN
Subdomain
Subdomain
Secondary
community VLAN
Secondary
isolated VLAN
Subdomain
Subdomain
Secondary
community VLAN
Secondary
isolated VLAN