Hi,

we use private vlan in a Datacenter environment, the router is connected to the promiscuous port an the clients are connected to isolated ports...

Network design:

[NX3K64]---------[NX3K64]-----------[NX3K64]-------[Client]

      |                             |
[Router]                   [NX3K64]-----------[NX3K64]-------[Client]

                                     |                                  |

                                [Client]                         [Client]

-->Switches are connected through trunk ports

During a bandwidth test using iperf (UDP) we noticed that the traffic originated from the promiscuous port to the clients was sent to all client-ports like a broadcast, but it was normal udp unicast traffic for one client.

The destination clients mac was correctly learned over the switches on the right way!

Config:

Router-Port:
interface Ethernet1/42
description Router
switchport mode private-vlan trunk promiscuous
switchport private-vlan mapping 1111 1112
switchport private-vlan trunk allowed vlan 100,1111-1112
switchport private-vlan mapping trunk 1111 1112
spanning-tree port type edge trunk

Client Ports:
interface Ethernet1/16
switchport mode private-vlan host
switchport private-vlan host-association 1111 1112
spanning-tree port type edge
speed 1000
storm-control broadcast level 5.00
storm-control multicast level 5.00
storm-control action shutdown
no vtp

Pvlan-Config on all switches:

vlan 1111
name PVLan_PPPoE_Prim
private-vlan primary
private-vlan association 1112
vlan 1112
name PVlan_Iso
private-vlan isolated

Hardware: Nexus 3064PQ

Software: 9.2.3

That mus be a bug or someone els has an idea?

Thanks!