12-9
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Chapter 12 Configuring Private VLANs
Configuring Private VLANs
Limitations with Other Features
When configuring private VLANs, remember these limitations with other features:
Note In some cases, the configuration is accepted with no error messages, but the commands have no effect.
• When IGMP snooping is enabled on the switch (the default), the switch supports no more than 20
private-VLAN domains.
• A private VLAN cannot be a UNI-ENI isolated or UNI-ENI community VLAN. For more
information about UNI-ENI VLANs, see
Chapter 11, “Configuring VLANs.”
• Do not configure a remote SPAN (RSPAN) VLAN as a private-VLAN primary or secondary VLAN.
For more information about SPAN, see
Chapter 26, “Configuring SPAN and RSPAN.”
• Do not configure private-VLAN ports on interfaces configured for these other features:
–
dynamic-access port VLAN membership
–
PAgP (only NNIs or ENIs)
–
LACP (only NNIs or ENIs)
–
Multicast VLAN Registration (MVR)
• You can configure 802.1x port-based authentication on a private-VLAN port, but do not configure
IEEE 802.1x with port security on private-VLAN ports.
• A private-VLAN host or promiscuous port cannot be a SPAN destination port. If you configure a
SPAN destination port as a private-VLAN port, the port becomes inactive.
• If you configure a static MAC address on a promiscuous port in the primary VLAN, you must add
the same static address to all associated secondary VLANs. If you configure a static MAC address
on a host port in a secondary VLAN, you must add the same static MAC address to the associated
primary VLAN. When you delete a static MAC address from a private-VLAN port, you must remove
all instances of the configured MAC address from the private VLAN.
Note Dynamic MAC addresses learned in one VLAN of a private VLAN are replicated in the
associated VLANs. For example, a MAC address learned in a secondary VLAN is replicated
in the primary VLAN. When the original dynamic MAC address is deleted or aged out, the
replicated addresses are removed from the MAC address table.
• Configure Layer 3 VLAN interfaces only for primary VLANs.
