Guidelines and Limitations for Private VLANs
When configuring PVLANs, follow these guidelines:
- You must create a VLAN before you can assign the specified VLAN as a private VLAN.
- You must enable PVLANs before the switch can apply the PVLAN functionality.
- You cannot disable PVLANs if the switch has any operational ports in a PVLAN mode.
- Enter the private-vlan synchronize command from within the Multiple Spanning Tree (MST) region definition to map the secondary VLANs to the same MST instance as the primary VLAN.
- You must disable all the FEX isolated trunk ports before configuring FEX trunk ports.
- You cannot connect a second switch to a promiscuous or isolated PVLAN trunk. The promiscuous or isolated PVLAN trunk is supported only on host-switch.
- You cannot configure promiscuous ports and promiscuous trunk ports on the FEX interfaces (HIF) ports.
- If you configure a private-vlan association under a VLAN, but do not configure the private-vlan type as primary, this association will reappear in the running configuration under the same VLAN when the VLAN is deleted and re-created. Note that this earlier association cannot be removed by using the no private-vlan association command. It can be removed only by performing either of the following tasks:
  - Disable the PVLAN feature.
  Or
  - Configure the private-vlan type as primary, configure the same private-vlan association under that VLAN, and then remove the association using the no private-vlan association command.
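The following Python check is an added example, not part of the original guide or Cisco's code. It scans saved running-config text for the condition described in the last guideline: a VLAN that carries a private-vlan association but is not typed as primary. The sample configuration is constructed, and the stanza layout (a "vlan N" line followed by indented sub-commands, including "private-vlan primary") is an assumption about how the configuration is printed.

```python
import re

# Constructed sample of VLAN stanzas (not taken from the guide).
SAMPLE_CONFIG = """\
feature private-vlan
vlan 100
  private-vlan primary
  private-vlan association 101-102
vlan 101
  private-vlan isolated
vlan 102
  private-vlan community
vlan 200
  name legacy
  private-vlan association 201
vlan 201
  private-vlan isolated
"""

def parse_vlan_stanzas(config):
    """Map each single-VLAN stanza ID to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        top_level = not line.startswith(" ")
        m = re.fullmatch(r"vlan (\d+)", line.strip()) if top_level else None
        if m:
            current = int(m.group(1))
            stanzas.setdefault(current, [])
        elif not top_level and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None  # any other top-level line ends the stanza
    return stanzas

def find_orphan_associations(config):
    """Return {vlan_id: association} for VLANs that have a private-vlan
    association but no 'private-vlan primary' type (the sticky case above)."""
    orphans = {}
    for vlan_id, cmds in parse_vlan_stanzas(config).items():
        assoc = [c.split(None, 2)[2] for c in cmds
                 if c.startswith("private-vlan association ")]
        if assoc and "private-vlan primary" not in cmds:
            orphans[vlan_id] = assoc[0]
    return orphans

if __name__ == "__main__":
    for vlan_id, assoc in sorted(find_orphan_associations(SAMPLE_CONFIG).items()):
        print(f"vlan {vlan_id}: association {assoc} without 'private-vlan primary'")
```

Running such a check before deleting and re-creating a VLAN shows which associations would reappear and need one of the two removal procedures above.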
Limitations with Other Features
Consider the following configuration limitations with other features when configuring private VLANs:
- IGMP snooping runs only on the primary VLAN and uses the configuration of the primary VLAN for all secondary VLANs.
  Any IGMP snooping join request in the secondary VLAN is treated as if it is received in the primary VLAN.