Addendum
19
Virtual Link Trunking (VLT)
This chapter describes the VLT enhancements and contains the following sections:
• VLT Nodes as Rendezvous Points for Multicast Resiliency
• Specifying VLT Nodes in a PVLAN
• Proxy ARP Capability on VLT Peer Nodes
Specifying VLT Nodes in a PVLAN
You can configure VLT peer nodes in a private VLAN (PVLAN) on the S4810, S4820T, Z9000, and MXL
platforms.
Virtual Link Trunking (VLT) is a mechanism that enables the physical links between two devices that are
called VLT nodes or peers, and within a VLT domain, to be considered as a single logical link to external
devices that are connected using LAG bundles to both the VLT peers. This capability enables redundancy
without the implementation of Spanning Tree Protocol (STP), thereby providing a loop-free network with
optimal bandwidth utilization.
You can configure the VLT peers or nodes in a private VLAN (PVLAN). Because the VLT LAG interfaces are
terminated on two different nodes, PVLAN configuration of VLT VLANs and VLT LAGs are symmetrical
and identical on both the VLT peers. PVLANs provide Layer 2 isolation between ports within the same
VLAN. A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN
pair. With VLT being a Layer 2 redundancy mechanism, support for configuration of VLT nodes in a
PVLAN enables Layer 2 security functionalities to be achieved. To enable maximum VLT resiliency to be
obtained, you must configure the PVLAN IDs and mappings to be identical on both the VLT peer nodes.
The association of PVLAN with the VLT LAG must also be identical. After the VLT LAG is configured to be
a member of a PVLAN so that it becomes member of either the primary or secondary PVLAN (which is
associated with the primary), ICL becomes an automatic member of that PVLAN on both switches so that
PVLAN data flow received on one VLT peer for a VLT LAG can also be transmitted on that VLT LAG from
the peer.
You can associate either a VLT VLAN or a VLT LAG to a PVLAN. You must first configure the VLTi or a VLT
LAG by using the peer-link port-channel id-number command or the VLT VLAN by using the
peer-link port-channel id-number peer-down-vlan vlan interface number command
and the
switchport command. After you specify the VLTi link and VLT LAGs, you can associate the
same port channel or LAG bundle that forms part of a VLT to a PVLAN by using the interface
interface and switchport mode private-vlan commands.
When a VLT interconnect (VLTi) port in trunk mode is a member of symmetric VLT PVLANs using which
PVLAN packets are traversed from one VLT node to the other, the PVLAN packets are forwarded only if
the PVLAN settings of both the VLT nodes are identical. You can configure the VLTi in trunk mode to be a
member of non-VLT PVLANs if the VLTi is configured on both the peers. MAC address synchronization is
performed for VLT PVLANs across peers in a VLT domain.
Keep the following points in mind when you configure VLT nodes in a PVLAN:
• You must configure the VLTi link to be in trunk mode. You must not configure the VLTi link to be in
access or promiscuous mode.
Virtual Link Trunking (VLT)
263