You can configure the VLT peers or nodes in
a private VLAN (PVLAN). Because the VLT LAG interfaces are terminated
on two different nodes, PVLAN configuration of VLT VLANs and VLT LAGs
are symmetrical and identical on both the VLT peers. PVLANs provide
Layer 2 isolation between ports within the same VLAN. A PVLAN partitions
a traditional VLAN into subdomains identified by a primary and secondary
VLAN pair. With VLT being a Layer 2 redundancy feature, support for
configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities
to be achieved. This section describe how to configure a VLT VLAN
or a VLT LAG (VLTi link) and assign that VLT interface to a PVLAN.
Creating a VLT
LAG or a VLT VLAN
Configure the port channel for the VLT interconnect
on a VLT switch and enter interface configuration mode
NOTE To be included in the VLTi, the port channel must be in Default mode
(no switchport or VLAN assigned).
Remove an IP address from the interface.
INTERFACE PORT-CHANNEL mode
no ip address
Add one or more port interfaces to the port
channel.
INTERFACE PORT-CHANNEL mode
channel-member interface
interface: specify one of
the following interface types:
For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information.
For a 25-Gigabit Ethernet interface, enter the keyword twentyFiveGigE then the slot/port/subport
information.
For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port/subport information.
For a 50-Gigabit Ethernet interface, enter the keyword fiftyGigE then the slot/port/subport
information.
For a 100-Gigabit Ethernet interface, enter the keyword hundredGigE then the slot/port
information.
Ensure that the port channel is active.
INTERFACE PORT-CHANNEL mode
no shutdown
To configure the VLT interconnect, repeat
Steps 1–4 on the VLT peer switch.
Enter VLT-domain configuration mode for a specified
VLT domain.
CONFIGURATION mode
vlt domain domain-id
The range of domain IDs is from 1 to 1000.
Enter the port-channel number that acts as
the interconnect trunk.
VLT DOMAIN CONFIGURATION mode
peer-link port-channel id-number
(Optional) To configure a VLT LAG, enter the
VLAN ID number of the VLAN where the VLT forwards packets received
on the VLTi from an adjacent peer that is down.
VLT DOMAIN CONFIGURATION mode
peer-link port-channel id-number peer-down-vlan
vlan interface number
Associating
the VLT LAG or VLT VLAN in a PVLAN
Access INTERFACE mode for the port that you
want to assign to a PVLAN.
Access INTERFACE VLAN mode for the VLAN to
which you want to assign the PVLAN interfaces.
CONFIGURATION mode
interface vlan vlan-id
Enable the VLAN.
INTERFACE VLAN mode
no shutdown
To obtain maximum VLT resiliency, configure
the PVLAN IDs and mappings to be identical on both the VLT peer nodes.
Set the PVLAN mode of the selected VLAN to primary.
INTERFACE VLAN mode
private-vlan mode primary
Map secondary VLANs to the selected primary
VLAN.
INTERFACE VLAN mode
private-vlan mapping secondary-vlan vlan-list
The list of secondary VLANs can be:
Specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-ID-VLAN-ID).
Specified with this command even before they have
been created.
Amended by specifying the new secondary VLAN to be
added to the list.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\
