user manual
Table Of Contents
- Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)
- Contents
- Preface
- New and Changed Information for this Release
- Overview
- Configuring Ethernet Interfaces
- Information About Ethernet Interfaces
- Configuring Ethernet Interfaces
- Configuring the UDLD Mode
- Changing an Interface Port Mode
- Configuring Interface Speed
- Disabling Link Negotiation
- Configuring the CDP Characteristics
- Enabling or Disabling CDP
- Enabling the Error-Disabled Detection
- Enabling the Error-Disabled Recovery
- Configuring the Error-Disabled Recovery Interval
- Configuring the Debounce Timer
- Configuring the Description Parameter
- Disabling and Restarting Ethernet Interfaces
- Displaying Interface Information
- Displaying Input Packet Discard Information
- Default Physical Ethernet Settings
- Configuring VLANs
- Configuring Private VLANs
- Information About Private VLANs
- Guidelines and Limitations for Private VLANs
- Configuring a Private VLAN
- Enabling Private VLANs
- Configuring a VLAN as a Private VLAN
- Associating Secondary VLANs with a Primary Private VLAN
- Configuring an Interface as a Private VLAN Host Port
- Configuring an Interface as a Private VLAN Promiscuous Port
- Configuring a Promiscuous Trunk Port
- Configuring an Isolated Trunk Port
- Configuring the Allowed VLANs for PVLAN Trunking Ports
- Configuring Native 802.1Q VLANs on Private VLANs
- Verifying the Private VLAN Configuration
- Configuring Access and Trunk Interfaces
- Configuring Switching Modes
- Configuring Rapid PVST+
- Information About Rapid PVST+
- Understanding STP
- Understanding Rapid PVST+
- Rapid PVST+ and IEEE 802.1Q Trunks
- Rapid PVST+ Interoperation with Legacy 802.1D STP
- Rapid PVST+ Interoperation with 802.1s MST
- Configuring Rapid PVST+
- Enabling Rapid PVST+
- Enabling Rapid PVST+ per VLAN
- Configuring the Root Bridge ID
- Configuring a Secondary Root Bridge
- Configuring the Rapid PVST+ Port Priority
- Configuring the Rapid PVST+ Pathcost Method and Port Cost
- Configuring the Rapid PVST+ Bridge Priority of a VLAN
- Configuring the Rapid PVST+ Hello Time for a VLAN
- Configuring the Rapid PVST+ Forward Delay Time for a VLAN
- Configuring the Rapid PVST+ Maximum Age Time for a VLAN
- Specifying the Link Type
- Restarting the Protocol
- Verifying Rapid PVST+ Configurations
- Information About Rapid PVST+
- Configuring Multiple Spanning Tree
- Information About MST
- Configuring MST
- MST Configuration Guidelines
- Enabling MST
- Entering MST Configuration Mode
- Specifying the MST Name
- Specifying the MST Configuration Revision Number
- Specifying the Configuration on an MST Region
- Mapping and Unmapping VLANs to MST Instances
- Mapping Secondary VLANs to Same MSTI as Primary VLANs for Private VLANs
- Configuring the Root Bridge
- Configuring a Secondary Root Bridge
- Configuring the Port Priority
- Configuring the Port Cost
- Configuring the Switch Priority
- Configuring the Hello Time
- Configuring the Forwarding-Delay Time
- Configuring the Maximum-Aging Time
- Configuring the Maximum-Hop Count
- Configuring PVST Simulation Globally
- Configuring PVST Simulation Per Port
- Specifying the Link Type
- Restarting the Protocol
- Verifying MST Configurations
- Configuring STP Extensions
- About STP Extensions
- Information About STP Extensions
- Configuring STP Extensions
- STP Extensions Configuration Guidelines
- Configuring Spanning Tree Port Types Globally
- Configuring Spanning Tree Edge Ports on Specified Interfaces
- Configuring Spanning Tree Network Ports on Specified Interfaces
- Enabling BPDU Guard Globally
- Enabling BPDU Guard on Specified Interfaces
- Enabling BPDU Filtering Globally
- Enabling BPDU Filtering on Specified Interfaces
- Enabling Loop Guard Globally
- Enabling Loop Guard or Root Guard on Specified Interfaces
- Verifying STP Extension Configuration
- About STP Extensions
- Configuring LLDP
- Configuring the MAC Address Table
- Configuring IGMP Snooping
- Configuring Traffic Storm Control
- INDEX
• Promiscuous port—A promiscuous port belongs to the primary VLAN. The promiscuous port can
communicate with all interfaces, including the community and isolated host ports, that belong to those
secondary VLANs associated to the promiscuous port and associated with the primary VLAN. You can
have several promiscuous ports in a primary VLAN. Each promiscuous port can have several secondary
VLANs or no secondary VLANs that are associated to that port. You can associate a secondary VLAN
to more than one promiscuous port, as long as the promiscuous port and secondary VLANs are within
the same primary VLAN. You may want to do this for load-balancing or redundancy purposes. You can
also have secondary VLANs that are not associated to any promiscuous port.
A promiscuous port can be configured as an access port.
• Isolated port—An isolated port is a host port that belongs to an isolated secondary VLAN. This port has
complete isolation from other ports within the same PVLAN domain, except that it can communicate
with associated promiscuous ports. PVLANs block all traffic to isolated ports except traffic from
promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports. You
can have more than one isolated port in a specified isolated VLAN. Each port is completely isolated
from all other ports in the isolated VLAN.
An isolated port can be configured an access port.
• Community port—A community port is a host port that belongs to a community secondary VLAN.
Community ports communicate with other ports in the same community VLAN and with associated
promiscuous ports. These interfaces are isolated from all other interfaces in other communities and from
all isolated ports within the PVLAN domain.
A community port must be configured as an access port.
Primary, Isolated, and Community Private VLANs
Primary VLANs and the two types of secondary VLANs (isolated and community) have these characteristics:
• Primary VLAN— The primary VLAN carries traffic from the promiscuous ports to the host ports, both
isolated and community, and to other promiscuous ports.
• Isolated VLAN —An isolated VLAN is a secondary VLAN that carries unidirectional traffic upstream
from the hosts toward the promiscuous ports. You can configure only one isolated VLAN in a PVLAN
domain. An isolated VLAN can have several isolated ports. The traffic from each isolated port also
remains completely separate.
• Community VLAN—A community VLAN is a secondary VLAN that carries upstream traffic from the
community ports to the promiscuous port and to other host ports in the same community. You can
configure multiple community VLANs in a PVLAN domain. The ports within one community can
communicate, but these ports cannot communicate with ports in any other community or isolated VLAN
in the private VLAN.
Cisco Nexus 3000 NX-OS Layer 2 Switching Configuration Guide, Release 5.0(3)U3(1)
OL-26590-01 39
Configuring Private VLANs
Primary, Isolated, and Community Private VLANs