Configuration notes and limitations, Command syntax, Configuring an isolated or community private vlan – Brocade TurboIron 24X Series Configuration Guide User Manual
Page 447
Brocade TurboIron 24X Series Configuration Guide
413
53-1003053-01
Configuring private VLANs
•
The device forwards all known unicast traffic in hardware. Multiple MAC entries do not appear
in the MAC address table because the device transparently manages multiple MAC entries in
hardware.
•
You can configure private VLANs and dual-mode VLAN ports on the same device. However, the
dual-mode VLAN ports cannot be members of private VLANs.
Configuration notes and limitations
Consider the following statements when configuring a private VLAN on a device:
•
Each private VLAN can have multiple isolated VLANs or community VLANs. You can use any
combination of isolated or community VLANs with the primary VLAN.
•
You cannot configure a common port in any pair of primary, isolated, and community VLANs.
•
You cannot configure the default VLAN (VLAN 1) as a private VLAN.
•
You can configure Virtual interface (VE) on primary VLAN. The VE configuration in secondary
private VLAN is not supported.
•
A secondary VLAN can have only one primary VLAN associated with it.
•
You can configure static trunk or dynamic trunk in both primary and secondary private VLAN.
•
Spanning tree protocol is automatically disabled on private VLAN.
•
You cannot enable Metro Ring Protocol (MRP), Virtual Switch Redundancy Protocol (VSRP), and
Virtual Router Redundancy Protocol (VRRP) on private VLAN.
•
You cannot enable single span on a private VLAN configured system and you cannot configure
private VLAN on a single span enabled system.
•
You cannot configure private VLAN through VLAN group.
•
ICMP redirect is automatically disabled for private VLAN.
•
To enhance private VLAN security, unique VLAN ID is used to identify the primary VLAN for
different private VLANs. The known unicast among isolated VLAN and known unicast across
different isolated or community VLAN is restricted.
•
To enhance private VLAN flexibility, tagged, untagged, and dual mode ports are supported.
•
All ports in the primary VLAN are promiscuous. You cannot configure an individual port in the
primary to secondary private VLAN mapping. Traffic is forwarded to all ports in the primary
private vlan when received from a secondary VLAN.
Command syntax
To configure a private VLAN, configure each of the component VLANs (isolated, community, and
primary) as a separate port-based VLAN:
•
Use standard VLAN configuration commands to create the VLAN and add ports.
•
Identify the private VLAN type (isolated, community, or primary)
•
For the primary VLAN, map the other private VLANs to the ports in the primary VLAN
Configuring an isolated or community private VLAN
To configure a community private VLAN, enter commands such as the following.