05-04-2011 05:20 PM - edited 03-06-2019 04:54 PM
Hi, I am trying to understand PVLAN behaviour when there is a trunk link between switches. I have read the Cisco document linked below but still have a few Qs.
If the setup is such
Trying to ensure that any communication between ports in a particular VLAN is blocked, and that it is impossible for traffic to leak to ports in a different VLAN, on L2 switches only, across the trunk. There is no promiscuous port in this environment, nor is there any isolated port.
Now, is it possible to limit connection between ports only in VL10 on Switch A and B if they are community ports and VLAN 10 is a community VLAN, and would this work across the trunk between Switch A and B?
If possible, then would there be any way that ports/hosts in VL20, which is a normal VLAN, could be affected by this traffic from community VLAN 10?
How will broadcasts on community VL10 ports affect the trunk if the trunk is a 1Gb link whereas the access ports are all 100Mb?
Will broadcast and unknown unicast leak over from community VLAN 10 to other VLANs like VL20, 30 or 40?
Tx
05-05-2011 07:57 AM
Pls help.
05-05-2011 12:01 PM
Hi,
In your lab, let trunk ports forward all PVLANs, No need to modify.
Q: Now, is it possible to limit connection between ports only in VL10 on Switch A and B if they are community ports and VLAN 10 is a community VLAN, and would this work across the trunk between Switch A and B?
A: Hosts in the same community VLAN can connect to each other via the trunk ports (between switches). It has to be like that.
#######################################
Q: If possible, then would there be any way that ports/hosts in VL20, which is a normal VLAN, could be affected by this traffic from community VLAN 10?
A: From a Layer 2 point of view, you can think of them as being in different VLANs. However, they can connect via Layer 3 (the gateway). VLAN 20 is a normal VLAN. Let's say VLAN 10 is a secondary VLAN of VLAN 100 (the primary VLAN; the gateway is here). Sorry, I don't know what you designed, so I assumed it myself.
#######################################
Q: How will broadcasts on community VL10 ports affect the trunk if the trunk is a 1Gb link whereas the access ports are all 100Mb?
A: Broadcast is broadcast. It goes everywhere it can go. In your question, the broadcast will go through the trunk port. As long as you stay away from viruses, worms, loops etc. on your network, a 1Gb link is fine for broadcast traffic.
Q: Will broadcast and unknown unicast leak over from community VLAN 10 to other VLANs like VL20, 30 or 40?
A: From a Layer 2 point of view, you can think of them as being in different VLANs.
Excerpted from Cisco Doc:
In regular VLANs, devices in the same VLAN can communicate with each other at the Layer 2 level, but devices connected to interfaces in different VLANs must communicate at the Layer 3 level. In PVLANs, the promiscuous ports are members of the primary VLAN, while the host ports belong to secondary VLANs. Because the secondary VLAN is associated to the primary VLAN, members of these VLANs can communicate with each other at the Layer 2 level.
In a regular VLAN, broadcasts are forwarded to all ports in that VLAN. PVLAN broadcast forwarding depends on the port sending the broadcast:
• An isolated port sends a broadcast only to the promiscuous ports or trunk ports.
• A community port sends a broadcast to all promiscuous ports, trunk ports, and ports in the same community VLAN.
• A promiscuous port sends a broadcast to all ports in the PVLAN (other promiscuous ports, trunk ports, isolated ports, and community ports).
Multicast traffic is routed or bridged across private-VLAN boundaries and within a single community VLAN. Multicast traffic is not forwarded between ports in the same isolated VLAN or between ports in different secondary VLANs.
#######################################
HTH,
Toshi
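As an added example (not from this thread or from Cisco's documentation), here is a Cisco IOS configuration matching the design Toshi assumed above: community VLAN 10 as a secondary VLAN of primary VLAN 100 (where the gateway SVI lives), VLAN 20 left as a normal VLAN, and a plain 802.1Q trunk between Switch A and Switch B that carries all three VLANs. Interface names, the `vtp mode transparent` requirement for the platform, and the 192.0.2.1 gateway address are assumptions; the same VLAN definitions and trunk go on both switches, while the SVI belongs only on the device acting as gateway.

```cisco
! Both switches: private VLANs require the switch not to be a VTP v1/v2
! client or server (assumed platform behaviour)
vtp mode transparent
!
! Primary VLAN 100 carries the gateway; VLAN 10 is a community secondary
! VLAN associated with it. VLAN 20 stays a normal (non-private) VLAN.
vlan 100
 private-vlan primary
 private-vlan association 10
!
vlan 10
 private-vlan community
!
vlan 20
!
! Community host ports: hosts here reach each other (on either switch)
! and promiscuous ports in VLAN 100 at Layer 2, but never VLAN 20.
interface range FastEthernet0/1 - 2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 10
!
! A normal access port in VLAN 20: Layer 2 traffic from VLAN 10 does not
! reach it; only routed traffic via the gateway can.
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
!
! Inter-switch trunk: a regular 802.1Q trunk carries primary and secondary
! VLANs under their own tags, so community VLAN 10 spans Switch A and B.
! Both the primary (100) and the secondary (10) must be allowed.
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,100
!
! Gateway switch only: the SVI on the primary VLAN must map the secondary
! VLAN so routed traffic (for example VLAN 10 <-> VLAN 20) can flow.
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
 private-vlan mapping 10
```

`show vlan private-vlan` confirms the 100/10 association and which ports belong to it, and `show interfaces GigabitEthernet0/1 switchport` confirms the trunk carries both VLAN 10 and VLAN 100.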