Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1669
Views
0
Helpful
2
Replies

Private vlan type Isolated and blocked port

Go to solution
mahesh18
Level 6
Level 6

‎01-21-2013 02:51 PM - edited ‎03-07-2019 11:13 AM

                   hi everyone,

I have config Private vlan on 3750

3750Switch#        sh vlan private-vlan

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
20      30        community         Fa1/0/1, Gi1/0/1
20      40        isolated          Fa1/0/1, Fa1/0/5

when i do sh mac address i see this


   1    000d.2928.bcb0    DYNAMIC     Fa1/0/48
  20    000e.d7f8.b400    DYNAMIC pv  Fa1/0/5
  20    0019.e849.d3c1    DYNAMIC     Fa1/0/1
  20    001b.90e7.d4c2    DYNAMIC pv  Gi1/0/1
  30    0019.e849.d3c1    DYNAMIC pv  Fa1/0/1
  30    001b.90e7.d4c2    DYNAMIC     Gi1/0/1
  40    000e.d7f8.b400    BLOCKED     Fa1/0/5************************this goes to isolated vlan
  40    0019.e849.d3c1    DYNAMIC pv  Fa1/0/1

Need to know if port in isolated vlan always show as blocked?

Thanks

mahesh

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎01-21-2013 03:29 PM

Hi Mahesh,

The behavior is correct.

see below from the config guide:

Isolated—An isolated port is a host port that  belongs to an isolated secondary VLAN. This port has complete isolation  from other ports within the same private VLAN domain, except that it can  communicate with associated promiscuous ports. Private VLANs block all  traffic to isolated ports except traffic from promiscuous ports. Traffic  received from an isolated port is forwarded only to promiscuous ports.  You can have more than one isolated port in a specified isolated VLAN.  Each port is completely isolated from all other ports in the isolated  VLAN.

here is the link:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/PrivateVLANs.html

HTH

Reza

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎01-21-2013 03:29 PM

Hi Mahesh,

The behavior is correct.

see below from the config guide:

Isolated—An isolated port is a host port that  belongs to an isolated secondary VLAN. This port has complete isolation  from other ports within the same private VLAN domain, except that it can  communicate with associated promiscuous ports. Private VLANs block all  traffic to isolated ports except traffic from promiscuous ports. Traffic  received from an isolated port is forwarded only to promiscuous ports.  You can have more than one isolated port in a specified isolated VLAN.  Each port is completely isolated from all other ports in the isolated  VLAN.

here is the link:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/PrivateVLANs.html

HTH

Reza

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Reza Sharifi

‎01-21-2013 07:53 PM

Hi Reza,

Many thanks for confirming it.

Regards

MAhesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card