Figure 5.68 Private VLAN entries consist of a primary VLAN and one or more secondary VLAN entries.
Secondary VLANs are classified as one of the two following types:
◆ Isolated: Ports placed in secondary PVLANs configured as isolated are allowed to communicate only with promiscuous ports in the same secondary VLAN. We'll explain promiscuous ports shortly.
◆ Community: Ports in a secondary PVLAN are allowed to communicate with other ports in the same secondary PVLAN as well as with promiscuous ports.
Only one isolated secondary VLAN is permitted for each primary VLAN. Multiple secondary VLANs configured as community VLANs are allowed.
7. When you finish adding all the PVLAN pairs, click OK to save the changes and return to the vSphere Web Client.
After you enter the PVLAN IDs for a distributed switch, you must create a distributed port
group that takes advantage of the PVLAN configuration. The process for creating a distributed
port group was described previously. Figure 5.69 shows the New Distributed Port Group wizard
for a distributed port group that uses PVLANs.
In Figure 5.69 you can see the term promiscuous again. In PVLAN parlance, a promiscuous port
is allowed to send and receive layer 2 frames to any other port in the VLAN. This type of port is
typically reserved for the default gateway for an IP subnet—for example, a layer 3 router.
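The isolated, community, and promiscuous rules described above can be checked mechanically when reviewing a PVLAN design for unintended layer 2 paths. The following Python sketch is an added example, not code from the book or from VMware; the class and function names, the sample VLAN IDs, and the modeling of the promiscuous entry as a primary VLAN paired with itself are assumptions.

```python
from dataclasses import dataclass

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

@dataclass(frozen=True)
class Pvlan:
    primary: int    # primary VLAN ID
    secondary: int  # secondary VLAN ID
    kind: str       # one of the three types above

def validate(table):
    """Return the rule violations found in a list of Pvlan entries."""
    errors, isolated_for = [], {}
    for e in table:
        pair = f"{e.primary}/{e.secondary}"
        if e.kind not in (PROMISCUOUS, ISOLATED, COMMUNITY):
            errors.append(f"{pair}: unknown type {e.kind!r}")
        # Rule from the text: only one isolated secondary VLAN per primary.
        if e.kind == ISOLATED:
            if e.primary in isolated_for:
                errors.append(f"{pair}: primary {e.primary} already has "
                              f"isolated VLAN {isolated_for[e.primary]}")
            isolated_for.setdefault(e.primary, e.secondary)
    return errors

def may_communicate(a, b):
    """True if ports in entries a and b may exchange layer 2 frames."""
    if a.primary != b.primary:
        return False                       # different private VLAN domains
    if PROMISCUOUS in (a.kind, b.kind):
        return True                        # promiscuous ports reach any port
    if a.kind == b.kind == COMMUNITY:
        return a.secondary == b.secondary  # same community only
    return False                           # isolated ports reach no peers

# Constructed sample table; the VLAN IDs are made up for illustration.
SAMPLE = [
    Pvlan(100, 100, PROMISCUOUS),  # e.g. the default gateway
    Pvlan(100, 101, ISOLATED),
    Pvlan(100, 102, COMMUNITY),
    Pvlan(100, 103, COMMUNITY),
]

if __name__ == "__main__":
    print(validate(SAMPLE) or "table OK")
    for a in SAMPLE:
        print(a.secondary, [b.secondary for b in SAMPLE if may_communicate(a, b)])
```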
PVLANs are a powerful configuration tool but also a complex configuration topic and one
that can be difficult to understand. For additional information on PVLANs, we recommend
visiting Cisco's website at www.cisco.com and searching for private VLANs.
As with vSphere Standard Switches, vSphere Distributed Switches provide a tremendous
amount of flexibility in designing and configuring a virtual network. But, as with all things,