Technical data
BLADE OS 5.1 Application Guide
62
Chapter 3: VLANs BMD00136, November 2009
Private VLAN Ports
Private VLAN ports are defined as follows:
Promiscuous—A promiscuous port is a port that belongs to the primary VLAN. The
promiscuous port can communicate with all the interfaces, including ports in the secondary
VLANs (Isolated VLAN and Community VLANs). Each promiscuous port can belong to only
one Private VLAN.
Isolated—An isolated port is a host port that belongs to an isolated VLAN. Each isolated port
has complete layer 2 separation from other ports within the same private VLAN (including
other isolated ports), except for the promiscuous ports.
Traffic sent to an isolated port is blocked by the Private VLAN, except the traffic from
promiscuous ports.
Traffic received from an isolated port is forwarded only to promiscuous ports.
Community—A community port is a host port that belongs to a community VLAN.
Community ports can communicate with other ports in the same community VLAN, and with
promiscuous ports. These interfaces are isolated at layer 2 from all other interfaces in other
communities and from isolated ports within the Private VLAN.
Configuration Guidelines
The following guidelines apply when configuring Private VLANs:
The default VLAN 1 cannot be a Private VLAN.
IGMP Snooping must be disabled on isolated VLANs.
Each secondary port’s (isolated port and community ports) PVID must match its corresponding
secondary VLAN ID.
Ports within a secondary VLAN cannot be members of other VLANs.
All VLANs that comprise the Private VLAN must belong to the same Spanning Tree Group.