Cisco Systems WSC2960XR48FPSI Manual De Usuario
• Promiscuous—A promiscuous port belongs to the primary VLAN and can communicate with all interfaces,
including the community and isolated host ports that belong to the secondary VLANs associated with
the primary VLAN.
the primary VLAN.
• Isolated—An isolated port is a host port that belongs to an isolated secondary VLAN. It has complete
Layer 2 separation from other ports within the same private VLAN, except for the promiscuous ports.
Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received
from an isolated port is forwarded only to promiscuous ports.
Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received
from an isolated port is forwarded only to promiscuous ports.
• Community—A community port is a host port that belongs to a community secondary VLAN. Community
ports communicate with other ports in the same community VLAN and with promiscuous ports. These
interfaces are isolated at Layer 2 from all other interfaces in other communities and from isolated ports
within their private VLAN.
interfaces are isolated at Layer 2 from all other interfaces in other communities and from isolated ports
within their private VLAN.
Trunk ports carry traffic from regular VLANs and also from primary, isolated, and community VLANs.
Note
Primary and secondary VLANs have these characteristics:
• Primary VLAN—A private VLAN has only one primary VLAN. Every port in a private VLAN is a
member of the primary VLAN. The primary VLAN carries unidirectional traffic downstream from the
promiscuous ports to the (isolated and community) host ports and to other promiscuous ports.
promiscuous ports to the (isolated and community) host ports and to other promiscuous ports.
• Isolated VLAN —A private VLAN has only one isolated VLAN. An isolated VLAN is a secondary
VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports and the
gateway.
gateway.
• Community VLAN—A community VLAN is a secondary VLAN that carries upstream traffic from the
community ports to the promiscuous port gateways and to other host ports in the same community. You
can configure multiple community VLANs in a private VLAN.
can configure multiple community VLANs in a private VLAN.
A promiscuous port can serve only one primary VLAN, one isolated VLAN, and multiple community VLANs.
Layer 3 gateways are typically connected to the switch through a promiscuous port. With a promiscuous port,
you can connect a wide range of devices as access points to a private VLAN. For example, you can use a
promiscuous port to monitor or back up all the private VLAN servers from an administration workstation.
Layer 3 gateways are typically connected to the switch through a promiscuous port. With a promiscuous port,
you can connect a wide range of devices as access points to a private VLAN. For example, you can use a
promiscuous port to monitor or back up all the private VLAN servers from an administration workstation.
Related Topics
Private VLANs in Networks
In a switched environment, you can assign an individual private VLAN and associated IP subnet to each
individual or common group of end stations. The end stations need to communicate only with a default gateway
to communicate outside the private VLAN.
individual or common group of end stations. The end stations need to communicate only with a default gateway
to communicate outside the private VLAN.
You can use private VLANs to control access to end stations in these ways:
Catalyst 2960-XR Switch VLAN Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29440-01
89
Configuring Private VLANs
Private VLANs in Networks