Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1187
Views
0
Helpful
2
Replies

Communication between the secondary community VLANs hosts

Go to solution
Cisco Freak
Level 4
Level 4

‎03-17-2015 12:40 AM - edited ‎03-07-2019 11:07 PM

Hi Guys,

The hosts in the secondary community private VLANs are permitted to talk each other. If there is no promiscuous port/host defined, will the community VLAN hosts be able to talk each other?

Or all the intra-community VLAN traffic is routed via promiscuous port?

CF

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎03-17-2015 01:36 AM

Hi CF,

If there is no promiscuous port/host defined, will the community VLAN hosts be able to talk each other?

I suppose you want to ask whether hosts in different community VLANs will be able to talk to each other if there is no promisc port defined. The answer is - no, they will not be able to communicate, but they would not be able to communicate even if the promisc port was created. Their communication over the promisc port would be allowed only if the device connected to that promisc port was willing to do hairpin routing - that is, receive and forward a packet back the same interface. Usually, you do not want your different community VLANs to communicate to each other - that is why you created them in the first place - so you'd usually make sure that whatever device is connected to a promisc port, it does not do routing or is prevented from hairpin routing via an ACL, for example.

With respect to mutual communication of hosts in a single community VLAN - these hosts will be able to communicate to each other just as if it was a totally normal VLAN. The existence or non-existence of a promisc port has no influence on this.

Feel welcome to ask further!

Best regards,
Peter

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎03-17-2015 01:36 AM

Hi CF,

If there is no promiscuous port/host defined, will the community VLAN hosts be able to talk each other?

I suppose you want to ask whether hosts in different community VLANs will be able to talk to each other if there is no promisc port defined. The answer is - no, they will not be able to communicate, but they would not be able to communicate even if the promisc port was created. Their communication over the promisc port would be allowed only if the device connected to that promisc port was willing to do hairpin routing - that is, receive and forward a packet back the same interface. Usually, you do not want your different community VLANs to communicate to each other - that is why you created them in the first place - so you'd usually make sure that whatever device is connected to a promisc port, it does not do routing or is prevented from hairpin routing via an ACL, for example.

With respect to mutual communication of hosts in a single community VLAN - these hosts will be able to communicate to each other just as if it was a totally normal VLAN. The existence or non-existence of a promisc port has no influence on this.

Feel welcome to ask further!

Best regards,
Peter

0 Helpful

Go to solution
Cisco Freak
Level 4
Level 4
In response to Peter Paluch

‎03-19-2015 08:16 AM

Hi Peter,

My question was whether two hosts in same community VLAN work without promiscuous port.

Because I know 2 different community VLANs will NEVER be allowed to talk to each other. :)

Now its clear that hosts in a single promiscuous VLAN are able to communicate each other just like a normal VLAN!!!!

Thanks for answering my query Peter!

0 Helpful
Customers Also Viewed These Support Documents