Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and
flooded only to end stations in that VLAN. Each VLAN is considered a logical network, and packets
destined for stations that do not belong to the VLAN must be forwarded through a bridge or a router.
All ports are assigned to the default VLAN (VLAN1) when the device first comes up. A VLAN interface, or
switched virtual interface (SVI), is a Layer 3 interface that is created to provide communication between
VLANs.
The devices support 4094 VLANs in accordance with the IEEE 802.1Q standard. These VLANs are organized
into several ranges, and you use each range slightly differently. Some of these VLANs are reserved for internal
use by the device and are not available for configuration.
Note: Inter-Switch Link (ISL) trunking is not supported on Cisco NX-OS.
Private VLANs
Private VLANs provide traffic separation and security at the Layer 2 level.
A private VLAN is one or more pairs of a primary VLAN and a secondary VLAN, all with the same primary
VLAN. The two types of secondary VLANs are isolated and community VLANs. Hosts on isolated VLANs
communicate only with hosts in the primary VLAN. Hosts in a community VLAN can communicate only
among themselves and with hosts in the primary VLAN but not with hosts in isolated VLANs or in other
community VLANs.
Regardless of the combination of isolated and community secondary VLANs, all interfaces within the primary
VLAN comprise one Layer 2 domain, and therefore, require only one IP subnet.
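To make the isolated/community/primary rules above concrete, the following is an added model of private VLAN reachability, written for this explanation and not taken from the guide or from NX-OS. The VLAN IDs, port names and the ISOLATED/COMMUNITY labels are constructed assumptions; the model is useful for checking which host pairs a given secondary VLAN layout actually separates.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

# Secondary VLAN types named in the text above (labels are constructed here).
ISOLATED = "isolated"
COMMUNITY = "community"

@dataclass(frozen=True)
class Port:
    """A switch port in a private VLAN. A port in the primary VLAN itself
    (secondary is None) is reachable by every host in the private VLAN."""
    name: str
    primary: int                     # primary VLAN ID
    secondary: Optional[int] = None  # secondary VLAN ID; None for a primary-VLAN port
    kind: Optional[str] = None       # ISOLATED or COMMUNITY for a secondary VLAN

def can_communicate(a: Port, b: Port) -> bool:
    """Layer 2 reachability between two ports under the private VLAN rules."""
    if a.primary != b.primary:
        return False            # different private VLANs are different L2 domains
    if a.secondary is None or b.secondary is None:
        return True             # one side is in the primary VLAN: always reachable
    if a.secondary != b.secondary:
        return False            # isolated<->community or two communities: blocked
    if a.kind == ISOLATED:
        return False            # two hosts in the same isolated VLAN: blocked
    return True                 # same community VLAN: allowed

def reachable_pairs(ports):
    """Audit helper: every unordered pair of port names that can exchange traffic."""
    return {frozenset((a.name, b.name))
            for a, b in combinations(ports, 2) if can_communicate(a, b)}

# Constructed sample topology (hypothetical IDs): primary VLAN 100 with one
# isolated secondary VLAN (101) and one community secondary VLAN (102).
GATEWAY = Port("eth1/1", primary=100)   # router port in the primary VLAN
ISO_A = Port("eth1/2", primary=100, secondary=101, kind=ISOLATED)
ISO_B = Port("eth1/3", primary=100, secondary=101, kind=ISOLATED)
COM_A = Port("eth1/4", primary=100, secondary=102, kind=COMMUNITY)
COM_B = Port("eth1/5", primary=100, secondary=102, kind=COMMUNITY)
PORTS = [GATEWAY, ISO_A, ISO_B, COM_A, COM_B]

if __name__ == "__main__":
    for pair in sorted(reachable_pairs(PORTS), key=sorted):
        print(" <-> ".join(sorted(pair)))
```

The output lists only the gateway-to-host pairs and the one community pair; the two isolated hosts never appear together, which is the separation the text describes, while all five ports still sit in one IP subnet.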
Spanning Tree
This section discusses the implementation of the Spanning Tree Protocol (STP) in the software. In this
document, the term spanning tree refers to IEEE 802.1w and IEEE 802.1s. Where the IEEE 802.1D Spanning
Tree Protocol is meant, 802.1D is stated specifically.
STP Overview
STP provides a loop-free network at the Layer 2 level. Layer 2 LAN ports send and receive STP frames,
which are called Bridge Protocol Data Units (BPDUs), at regular intervals. Network devices do not forward
these frames but use the frames to construct a loop-free path.
802.1D is the original standard for STP, and many improvements have enhanced the basic loop-free STP.
You can create a separate loop-free path for each VLAN, which is named Per VLAN Spanning Tree (PVST+).
Additionally, the entire standard was reworked to make the loop-free convergence process faster to keep up
with the faster equipment. This STP standard with faster convergence is the 802.1w standard, which is known
as Rapid Spanning Tree (RSTP). Now, these faster convergence times are available as you create STP for
each VLAN, which is known as Per VLAN Rapid Spanning Tree (Rapid PVST+).
Finally, the 802.1s standard, Multiple Spanning Tree (MST), allows you to map multiple VLANs into a single
spanning tree instance. Each instance runs an independent spanning tree topology.
Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.x