Users Guide
The association of PVLAN with the VLT LAG must also be identical. After the VLT LAG is configured to be a
member of either the primary or secondary PVLAN (which is associated with the primary), ICL becomes an
automatic member of that PVLAN on both switches. This association helps the PVLAN data flow received on
one VLT peer for a VLT LAG to be transmitted on that VLT LAG from the peer.
You can associate either a VLT VLAN or a VLT LAG to a PVLAN. First configure the VLT interconnect (VLTi) or a
VLT LAG by using the peer-link port-channel id-number command or the VLT VLAN by using the
peer-link port-channel id-number peer-down-vlan vlan interface number command and
the
switchport command. After you specify the VLTi link and VLT LAGs, you can associate the same port
channel or LAG bundle that is a part of a VLT to a PVLAN by using the interface interface and
switchport mode private-vlan commands.
When a VLTi port in trunk mode is a member of symmetric VLT PVLANs, the PVLAN packets are forwarded
only if the PVLAN settings of both the VLT nodes are identical. You can configure the VLTi in trunk mode to
be a member of non-VLT PVLANs if the VLTi is configured on both the peers. MAC address synchronization is
performed for VLT PVLANs across peers in a VLT domain.
Keep the following points in mind when you configure VLT nodes in a PVLAN:
• Configure the VLTi link to be in trunk mode. Do not configure the VLTi link to be in access or
promiscuous mode.
• You can configure a VLT LAG or port channel to be in trunk, access, or promiscuous port modes when
you include the VLT LAG in a PVLAN. The VLT LAG settings must be the same on both the peers. If you
configure a VLT LAG as a trunk port, you can associate that LAG to be a member of a normal VLAN or a
PVLAN. If you configure a VLT LAG to be a promiscuous port, you can configure that LAG to be a
member of PVLAN only. If you configure a VLT LAG to be in access port mode, you can add that LAG to
be a member of the secondary VLAN only.
• ARP entries are synchronized even when a mismatch occurs in the PVLAN mode of a VLT LAG.
Any VLAN that contains at least one VLT port as a member is treated as a VLT VLAN. You can configure a VLT
VLAN to be a primary, secondary, or a normal VLAN. However, the VLT VLAN configuration must be
symmetrical across peers. If the VLT LAG is tagged to any one of the primary or secondary VLANs of a PVLAN,
then both the primary and secondary VLANs are considered as VLT VLANs.
If you add an ICL or VLTi link as a member of a primary VLAN, the ICL becomes a part of the primary VLAN
and its associated secondary VLANs, similar to the behavior for normal trunk ports. VLAN parity is not
validated if you associate an ICL to a PVLAN. Similarly, if you dissociate an ICL from a PVLAN, although the
PVLAN parity exists, ICL is removed from that PVLAN.
Association of VLTi as a Member of a PVLAN
If a VLAN is configured as a non-VLT VLAN on both the peers, the VLTi link is made a member of that VLAN if
the VLTi link is configured as a PVLAN or normal VLAN on both the peers. If a PVLAN is configured as a VLT
VLAN on one peer and a non-VLT VLAN on another peer, the VLTi is added as a member of that VLAN by
verifying the PVLAN parity on both the peers. In such a case, if a PVLAN is present as a VLT PVLAN on at least
one of the peers, then symmetric configuration of the PVLAN is validated to cause the VLTi to be a member
of that VLAN. Whenever a change in the VLAN mode on one of the peers occurs, the information is
synchronized with the other peer and VLTi is either added or removed from the VLAN based on the validation
of the VLAN parity.
Virtual Link Trunking (VLT) 1068