About Private VLANs
S e n d f e e d b a c k t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m
Figure 7-1
Subdomain
Subdomain
community VLAN
community VLAN
You must first create the VLAN before you can convert it to a private VLAN, either primary or
Note
secondary. See
This section includes the following topics:
•
•
•
•
Primary and Secondary VLANs in Private VLANs
A private VLAN domain has only one primary VLAN. Each port in a private VLAN domain is a member
of the primary VLAN; the primary VLAN is the entire private VLAN domain.
Secondary VLANs provide isolation between ports within the same private VLAN domain. The
following two types are secondary VLANs within a primary VLAN:
•
•
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
7-2
Private VLAN Domain
Private
Private
VLAN
VLAN
domain
domain
Secondary
Secondary
Chapter 6, "Configuring VLANs"
Primary and Secondary VLANs in Private VLANs, page 7-2
Understanding Private VLAN Ports, page 7-3
Understanding Broadcast Traffic in Private VLANs, page 7-5
Understanding Private VLAN Port Isolation, page 7-5
Isolated VLANs—Ports within an isolated VLAN cannot communicate directly with each other at
the Layer 2 level.
Community VLANs—Ports within a community VLAN can communicate with each other but
cannot communicate with ports in other community VLANs or in any isolated VLANs at the Layer
2 level.
Primary
VLAN
Subdomain
Subdomain
Secondary
Secondary
isolated VLAN
isolated VLAN
for information on creating VLANs.
Chapter 7
Configuring Private VLANs
OL-16597-01