Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.2(1) SV1(4)
Configuring a Private VLAN in a Port Profile

This chapter describes how to create a port profile for a private VLAN (PVLAN).

This chapter includes the following sections:

Information About Private VLANs

Configuring a Port Profile as a Private VLAN

Feature History for Private VLAN Port Profiles

Information About Private VLANs

Private VLANs (PVLANs) are used to segregate Layer 2 ISP traffic and convey it to a single router interface. PVLANs achieve device isolation by applying Layer 2 forwarding constraints that allow end devices to share the same IP subnet while being Layer 2 isolated. In turn, the use of larger subnets reduces address management overhead.

For more information about PVLANs, see the Cisco Nexus 1000V Layer 2 Switching Configuration Guide, Release 4.2(1)SV1(4).

Configuring a Port Profile as a Private VLAN

You can use this procedure to configure a port profile to be used as a private VLAN (PVLAN).

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

You are logged in to the CLI in EXEC mode.

You know the VLAN IDs for both the primary and secondary VLAN in the private VLAN pair.

You know whether this private VLAN inherits its configuration.

SUMMARY STEPS

1. config t

2. port-profile [type {ethernet | vethernet}] name

3. switchport mode private-vlan {host | promiscuous | trunk promiscuous}

4. switchport private-vlan host-association primary-vlan secondary-vlan

5. switchport private-vlan trunk allowed vlan vlan-range

6. switchport private-vlan mapping primary_vlan [add | remove] secondary_vlan

7. switchport private-vlan mapping trunk primary_vlan [add | remove] secondary_vlan

8. show port-profile [brief | expand-interface | usage] [name profile-name]

9. copy running-config startup-config

DETAILED STEPS

 
Command
Description

Step 1 

config t

Example:

n1000v# config t

n1000v(config)#

Enters global configuration mode.

Step 2 

port-profile [type {ethernet | vethernet}] name

Example:

n1000v(config)# port-profile AccessProf

n1000v(config-port-prof)#

Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.

type—(Optional) The port profile type can be Ethernet or vEthernet. Once configured, the type cannot be changed. The default is the vEthernet type.

Defining a port profile type as Ethernet allows the port profile to be used for physical (Ethernet) ports. In the vCenter Server, the corresponding port group can be selected and assigned to physical ports (PNICs).

Note If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

Step 3 

switchport mode private-vlan {host | promiscuous | trunk promiscuous}

Example:

n1000v(config-port-prof)# switchport mode private-vlan promiscuous

n1000v(config-port-prof)#

Designates the port profile for use as a private VLAN and defines the ports as follows:

promiscuous—vEthernet ports that belong to the primary VLAN and communicate with the Layer 3 gateway. Promiscuous ports can communicate with any interface in the PVLAN domain, including those associated with secondary VLANs.

host—vEthernet ports that belong to the secondary VLAN as one of the following:

Community PVLAN host port

Isolated PVLAN host port

promiscuous trunk—A physical Ethernet trunk port which carries both regular non-PVLAN traffic and PVLAN traffic. When traffic comes from a PVLAN host port, the packet is translated to the primary VLAN packet.

Step 4 

switchport private-vlan host-association primary-vlan secondary-vlan

Example:

n1000v(config-port-prof)# switchport private-vlan host-association 3 300

n1000v(config-port-prof)#

Assigns the primary and secondary VLAN IDs to the port profile and saves this association in the running configuration.

primary-vlan—Specifies a primary VLAN ID. You can specify only one primary VLAN ID.

secondary-vlan—Specifies the secondary VLAN ID. You can specify only one secondary VLAN ID.

Step 5 

switchport private-vlan trunk allowed vlan vlan-range

Example:

n1000v(config-port-prof)# switchport private-vlan trunk allowed vlan 155-156

n1000v(config-port-prof)#

Sets the allowed VLANs and VLAN IDs when the interface is in private-vlan trunking mode.

Step 6 

switchport private-vlan mapping primary_vlan [add | remove] secondary_vlan

Example:

n1000v(config-port-prof)# switchport private-vlan mapping 3 add 300 301 302

n1000v(config-port-prof)#

Maps the primary VLAN ID to the secondary VLAN ID for the port profile.

Step 7 

switchport private-vlan mapping trunk primary_vlan [add | remove] secondary_vlan

Example:

n1000v(config-port-prof)# switchport private-vlan mapping trunk 3 add 300 301 302

n1000v(config-port-prof)#

 

Step 8 

show port-profile [brief | expand-interface | usage] [name profile-name]

Example:

n1000v(config-port-prof)# show port-profile name AccessProf

(Optional) Displays the configuration for verification.

Step 9 

copy running-config startup-config

Example:

n1000v(config-port-prof)# copy running-config startup-config

(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.

switch# config t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)# port-profile type vethernet pvcomm
switch(config-port-prof)#   vmware port-group
switch(config-port-prof)#   switchport mode private-vlan host
switch(config-port-prof)#   switchport private-vlan host-association 153 154
switch(config-port-prof)#   no shutdown
switch(config-port-prof)#   state enabled
switch(config-port-prof)#   show run port-profile pv154
 
   
!Command: show running-config port-profile pv154
!Time: Fri Jan  7 15:10:43 2011
 
   
version 4.2(1)SV1(4)
port-profile type vethernet pv154
  vmware port-group
  switchport mode private-vlan host
  switchport private-vlan host-association 153 154
  no shutdown
  max-ports 1024
  state enabled
 
   
 
   
switch(config-port-prof)# port-profile type vethernet pvprom
switch(config-port-prof)#   vmware port-group
switch(config-port-prof)#   switchport mode private-vlan promiscuous
switch(config-port-prof)#   switchport private-vlan mapping 153 154-155
switch(config-port-prof)#   no shutdown
switch(config-port-prof)#   state enabled
switch(config-port-prof)# show run port-profile pvprom
 
   
!Command: show running-config port-profile pvprom
!Time: Fri Jan  7 15:11:43 2011
 
   
version 4.2(1)SV1(4)
port-profile type vethernet pv153
  vmware port-group
  switchport mode private-vlan promiscuous
  switchport private-vlan mapping 153 154-155
  no shutdown
  max-ports 1024
  state enabled
 
   
switch(config-port-prof)# port-profile type ethernet pvpromtrunk
switch(config-port-prof)#   vmware port-group
switch(config-port-prof)#   switchport mode private-vlan trunk promiscuous
switch(config-port-prof)#   switchport private-vlan mapping trunk 153 154-155
switch(config-port-prof)#   switchport private-vlan mapping trunk 156 157
switch(config-port-prof)#   switchport private-vlan trunk allowed vlan all
switch(config-port-prof)#   no shutdown
switch(config-port-prof)#   state enabled
switch(config-port-prof)# show run port-profile pvpromtrunk
 
   
!Command: show running-config port-profile pvpromtrunk
!Time: Fri Jan  7 15:12:24 2011
 
   
version 4.2(1)SV1(4)
port-profile type ethernet pvpromtrunk
  vmware port-group
  switchport mode private-vlan trunk promiscuous
  switchport private-vlan mapping trunk 153 154-155
  switchport private-vlan mapping trunk 156 157
  switchport private-vlan trunk allowed vlan 1-3967,4048-4093
  no shutdown
  state enabled
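
The rules in the procedure above (a host profile carries one primary/secondary host-association, a promiscuous profile carries a mapping, and trunk promiscuous applies to physical Ethernet ports) can be checked offline against saved `show running-config port-profile` text. The following Python script is an added example, not Cisco code and not part of the original guide; the function names `expand`, `parse_profiles` and `audit` and the `SAMPLE` text are constructed for illustration.

```python
SAMPLE = """\
port-profile type vethernet pv154
  switchport mode private-vlan host
  switchport private-vlan host-association 153 154
port-profile type vethernet badhost
  switchport mode private-vlan host
  switchport private-vlan mapping 153 154-155
port-profile type vethernet badtrunk
  switchport mode private-vlan trunk promiscuous
  switchport private-vlan mapping trunk 153 153-155
"""  # constructed sample (assumption); only pv154 follows the rules on this page

def expand(tokens):
    """Expand VLAN tokens such as ['154-155', '157'] into a set of ints."""
    spans = (p.partition("-") for p in ",".join(tokens).split(",") if p)
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def parse_profiles(text):
    """Map each profile name to its type, PVLAN mode, associations and mappings."""
    profiles, cur = {}, None
    for words in (line.split() for line in text.splitlines()):
        if words[:1] == ["port-profile"]:
            ptype = words[2] if words[1] == "type" else "vethernet"  # default type
            cur = profiles[words[-1]] = {"type": ptype, "mode": None, "assoc": [], "maps": []}
        elif cur is not None and words[:2] == ["switchport", "mode"]:
            cur["mode"] = " ".join(words[3:]) if words[2] == "private-vlan" else None
        elif cur is not None and words[:2] == ["switchport", "private-vlan"]:
            if words[2] == "host-association":
                cur["assoc"].append(words[3:])
            elif words[2] == "mapping":
                args = words[4:] if words[3] == "trunk" else words[3:]
                cur["maps"].append((words[3] == "trunk", int(args[0]), expand(args[1:])))
    return profiles

def audit(text):
    """Return (profile, finding) pairs for PVLAN profiles that break the page's rules."""
    out = []
    for name, p in parse_profiles(text).items():
        mode, trunk = p["mode"], p["mode"] == "trunk promiscuous"
        if mode == "host" and ([len(a) for a in p["assoc"]] != [2] or p["maps"]):
            out.append((name, "host profile needs one primary/secondary host-association and no mapping"))
        if trunk and p["type"] != "ethernet":
            out.append((name, "trunk promiscuous is for physical ports: type must be ethernet"))
        if mode in ("promiscuous", "trunk promiscuous"):
            if not any(t == trunk for t, _, _ in p["maps"]):
                out.append((name, "promiscuous profile has no matching mapping"))
            out += [(name, f"VLAN {pri} is mapped to itself as a secondary")
                    for _, pri, sec in p["maps"] if pri in sec]
    return out
```

Calling `audit(SAMPLE)` returns one finding for `badhost` and two for `badtrunk`; a profile without a `switchport mode private-vlan` line is skipped.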
 
   
 
   

Feature History for Private VLAN Port Profiles

This section provides the feature history for private VLAN port profiles.

Feature Name | Releases | Feature Information
Private VLAN Port Profiles | 4.0(4)SV1(1) | This feature was introduced.