Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Understanding PVLAN Traffic Flows Across Multiple Switches

    This topic illustrates and explains three different traffic flows on a sample multiswitch network configured with a private VLAN (PVLAN). PVLANs restrict traffic flows through their member switch ports (which are called “private ports”) so that they communicate only with a specific uplink trunk port or with specified ports within the same VLAN.

    This topic describes:

    Community VLAN Sending Untagged Traffic

    In this scenario, a VLAN in Community-1 of Switch 1 at interface ge-0/0/0 sends untagged traffic. The arrows in Figure 1 represent this traffic flow.

    Figure 1: Community VLAN Sends Untagged Traffic

    Community VLAN Sends Untagged Traffic

    In this scenario, the following activity takes place on Switch 1:

    • Community-1 VLAN on interface ge-0/0/0: Learning
    • pvlan100 on interface ge-0/0/0: Replication
    • Community-1 VLAN on interface ge-0/0/12: Receives traffic
    • PVLAN trunk port: Traffic exits from ge-1/0/2 and from ae0 with tag 10
    • Community-2: Interface receives no traffic
    • Isolated VLANs: Interfaces receive no traffic

    In this scenario, this activity takes place on Switch 3:

    • Community-1 VLAN on interface ge-0/0/23 (PVLAN trunk): Learning
    • pvlan100 on interface ge-0/0/23: Replication
    • Community-1 VLAN on interface ge-0/0/9 and ge-0/0/16: Receives traffic
    • Promiscuous trunk port: Traffic exits from ge-0/0/0 with tag 100
    • Community-2: Interface receives no traffic
    • Isolated VLANs: Interfaces receive no traffic

    Isolated VLAN Sending Untagged Traffic

    In this scenario, isolated VLAN1 on Switch 1 at interface ge-1/0/0 sends untagged traffic. The arrows in Figure 2 represent this traffic flow.

    Figure 2: Isolated VLAN Sends Untagged Traffic

    Isolated VLAN Sends Untagged Traffic

    In this scenario, the following activity takes place on Switch 1:

    • Isolated VLAN1 on interface ge-1/0/0: Learning
    • pvlan100 on interface ge-1/0/0: Replication
    • Traffic exits from pvlan-trunk ge-1/0/2 and ae0 with tag 50
    • Community-1 and Community-2: Interfaces receive no traffic
    • Isolated VLANs: Interfaces receive no traffic

    In this scenario, this activity takes place on Switch 3:

    • VLAN on interface ge-0/0/23 (PVLAN trunk port): Learning
    • pvlan100 on interface ge0/0/23: Replication
    • Promiscuous trunk port: Traffic exits from ge-0/0/0 with tag 100
    • Community-1 and Community-2: Interfaces receive no traffic
    • Isolated VLANs: Receive no traffic

    PVLAN Tagged Traffic Sent on a Promiscuous Port

    In this scenario, PVLAN tagged traffic is sent on a promiscuous port. The arrows in Figure 3 represent this traffic flow.

    Figure 3: PVLAN Tagged Traffic Sent on a Promiscuous Port

    PVLAN Tagged Traffic Sent on a Promiscuous Port

    In this scenario, the following activity takes place on Switch 1:

    • pvlan100 VLAN on interface ae0 (PVLAN trunk): Learning
    • Community-1, Community-2, and all isolated VLANs on interface ae0: Replication
    • VLAN on interface ae0: Replication
    • Traffic exits from pvlan-trunk ge-1/0/2 with tag 100
    • Community-1 and Community-2: Interfaces receive traffic
    • Isolated VLANs: Receive traffic

    In this scenario, this activity takes place on Switch 3:

    • pvlan100 on interface ge-0/0/0: Learning
    • Community-1, Community-2 and all isolated VLANs on interface ge-0/0/0: Replication
    • VLAN on interface ge-0/0/0: Replication
    • Community-1 and Community-2: Interfaces receive traffic
    • Isolated VLANs: Receive traffic
     

    Related Documentation

     

    Published: 2013-08-15

    Previous Page Next Page