Users Guide
Reconguring Stacked Switches as VLT
To convert switches that have been stacked to VLT peers, use the following procedure.
1. Remove the current conguration from the switches. You will need to split the conguration up for each switch.
2. Copy the les to the ash memory of the appropriate switch.
3. Copy the les on the ash drive to the startup-cong.
4. Reset the stacking ports to user ports for both switches.
5. Reload the stack and conrm the new congurations have been applied.
6. On the Secondary switch (stack-unit1), enter the command stack-unit1 renumber 0.
7. Conrm the reload query.
8. After reloading, conrm that VLT is enabled.
9. Conrm that the management ports are interconnected or connected to a switch that can transfer Heartbeat information.
Specifying VLT Nodes in a PVLAN
You can congure VLT peer nodes in a private VLAN (PVLAN). VLT enables redundancy without the implementation of Spanning
Tree Protocol (STP), and provides a loop-free network with optimal bandwidth utilization.
Because the VLT LAG interfaces are terminated on two dierent nodes, PVLAN conguration of VLT VLANs and VLT LAGs are
symmetrical and identical on both the VLT peers. PVLANs provide Layer 2 isolation between ports within the same VLAN. A PVLAN
partitions a traditional VLAN into sub-domains identied by a primary and secondary VLAN pair. With VLT being a Layer 2
redundancy mechanism, support for conguration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve
maximum VLT resiliency, you should congure the PVLAN IDs and mappings to be identical on both the VLT peer nodes.
The association of PVLAN with the VLT LAG must also be identical. After the VLT LAG is congured to be a member of either the
primary or secondary PVLAN (which is associated with the primary), ICL becomes an automatic member of that PVLAN on both
switches. This association helps the PVLAN data ow received on one VLT peer for a VLT LAG to be transmitted on that VLT LAG
from the peer.
You can associate either a VLT VLAN or a VLT LAG to a PVLAN. First congure the VLT interconnect (VLTi) or a VLT LAG by using
the peer-link port-channel id-number command or the VLT VLAN by using the peer-link port-channel id-
number peer-down-vlan vlan interface number command and the switchport command. After you specify the
VLTi link and VLT LAGs, you can associate the same port channel or LAG bundle that is a part of a VLT to a PVLAN by using the
interface interface and switchport mode private-vlan commands.
When a VLTi port in trunk mode is a member of symmetric VLT PVLANs, the PVLAN packets are forwarded only if the PVLAN
settings of both the VLT nodes are identical. You can congure the VLTi in trunk mode to be a member of non-VLT PVLANs if the
VLTi is congured on both the peers. MAC address synchronization is performed for VLT PVLANs across peers in a VLT domain.
Keep the following points in mind when you congure VLT nodes in a PVLAN:
• Congure the VLTi link to be in trunk mode. Do not congure the VLTi link to be in access or promiscuous mode.
• You can congure a VLT LAG or port channel to be in trunk, access, or promiscuous port modes when you include the VLT LAG
in a PVLAN. The VLT LAG settings must be the same on both the peers. If you congure a VLT LAG as a trunk port, you can
associate that LAG to be a member of a normal VLAN or a PVLAN. If you congure a VLT LAG to be a promiscuous port, you
can congure that LAG to be a member of PVLAN only. If you congure a VLT LAG to be in access port mode, you can add that
LAG to be a member of the secondary VLAN only.
• ARP entries are synchronized even when a mismatch occurs in the PVLAN mode of a VLT LAG.
Any VLAN that contains at least one VLT port as a member is treated as a VLT VLAN. You can congure a VLT VLAN to be a
primary, secondary, or a normal VLAN. However, the VLT VLAN conguration must be symmetrical across peers. If the VLT LAG is
Virtual Link Trunking (VLT)
921