Table 22-5. Forwarding Rules for Traffic in Isolated VLAN

| From \ To | promiscuous | community 1 | community 2 | isolated | stack (trunk) |
|---|---|---|---|---|---|
| promiscuous | N/A | N/A | N/A | N/A | N/A |
| community 1 | N/A | N/A | N/A | N/A | N/A |
| community 2 | N/A | N/A | N/A | N/A | N/A |
| isolated | allow | deny | deny | deny | allow |
| stack (trunk) | allow | deny | deny | deny | allow |

Limitations and Recommendations
• Only a single isolated VLAN can be associated with a primary VLAN. Multiple community VLANs can be associated with a primary VLAN.
• Trunk and general modes are not supported on private VLAN ports.
• Do not configure access ports using the VLANs participating in any of the private VLANs.
• Multiple primary VLANs may be configured. Each primary VLAN must be unique and each defines a separate private VLAN domain. The operator must take care to use only the secondary VLANs associated with the primary VLAN of a domain.
• Private VLANs cannot be enabled on a preconfigured interface. The interface must physically exist in the switch.
• Secondary (community and isolated) VLANs are associated to the same multiple spanning tree instance as the primary VLAN.
• GVRP/MVRP cannot be enabled after the private VLAN is configured. The administrator will need to disable both before configuring the private VLAN.
• DHCP snooping can be configured on the primary VLAN. If it is enabled for a secondary VLAN, the configuration does not take effect if a primary VLAN is already configured.
• If IP source guard is enabled on private VLAN ports, then DHCP snooping must be enabled on the primary VLAN.
• Do not configure private VLAN ports on interfaces configured for voice VLAN.
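Several of the limitations listed above can be checked against an intended configuration before it is applied. The following Python sketch is an added example, not part of the manual or the switch software; the `Domain` and `Port` models, the mode labels and the `audit` function are assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass

PVLAN_MODES = {"host", "promiscuous"}    # assumed labels for private VLAN port modes

@dataclass
class Domain:                            # one private VLAN domain (hypothetical model)
    primary: int
    isolated: tuple = ()
    community: tuple = ()
    dhcp_snooping: bool = False          # DHCP snooping enabled on the primary VLAN

@dataclass
class Port:                              # hypothetical per-interface view
    name: str
    mode: str                            # "host", "promiscuous", "access", ...
    vlans: frozenset                     # VLAN IDs the port is assigned to
    voice_vlan: bool = False
    ip_source_guard: bool = False

def audit(domains, ports, gvrp_or_mvrp=False):
    """Return a sorted list of limitation violations in the intended config."""
    v, owner, by_primary = [], {}, {}
    if gvrp_or_mvrp:
        v.append("GVRP/MVRP must be disabled before configuring private VLANs")
    for d in domains:
        if d.primary in by_primary:
            v.append(f"primary {d.primary}: defined more than once")
        by_primary[d.primary] = d
        if len(d.isolated) > 1:
            v.append(f"primary {d.primary}: more than one isolated VLAN")
        for vid in (d.primary, *d.isolated, *d.community):
            if owner.setdefault(vid, d.primary) != d.primary:
                v.append(f"VLAN {vid}: used in domains {owner[vid]} and {d.primary}")
    for p in ports:
        used = sorted(p.vlans & set(owner))      # private VLANs this port touches
        if p.mode == "access" and used:
            v.append(f"{p.name}: access port uses private VLAN(s) {used}")
        if p.mode in PVLAN_MODES:
            if p.voice_vlan:
                v.append(f"{p.name}: private VLAN port on a voice VLAN interface")
            for prim in sorted({owner[x] for x in used}):
                if p.ip_source_guard and not by_primary[prim].dhcp_snooping:
                    v.append(f"{p.name}: IP source guard without DHCP snooping on primary {prim}")
    return sorted(v)

# Constructed sample: two domains sharing community VLAN 102, two isolated VLANs in one
SAMPLE_DOMAINS = [Domain(100, (101,), (102, 103)),
                  Domain(200, (201, 202), (102,), dhcp_snooping=True)]
SAMPLE_PORTS = [Port("Gi1/0/1", "host", frozenset({100, 101}), ip_source_guard=True),
                Port("Gi1/0/2", "access", frozenset({102})),
                Port("Gi1/0/3", "promiscuous", frozenset({200, 201}), voice_vlan=True)]
```

Calling `audit(SAMPLE_DOMAINS, SAMPLE_PORTS)` returns one message per violated limitation. The checks that depend on switch state (interface presence, spanning tree instance, trunk and general modes) are not modelled.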