Users Guide
7 Conrm the reload query.
8 After reloading, conrm that VLT is enabled.
9 Conrm that the management ports are interconnected or connected to a switch that can transfer Heartbeat information.
Specifying VLT Nodes in a PVLAN
You can congure VLT peer nodes in a private VLAN (PVLAN). VLT enables redundancy without the implementation of Spanning Tree
Protocol (STP), and provides a loop-free network with optimal bandwidth utilization.
Because the VLT LAG interfaces are terminated on two dierent nodes, PVLAN conguration of VLT VLANs and VLT LAGs are
symmetrical and identical on both the VLT peers. PVLANs provide Layer 2 isolation between ports within the same VLAN. A PVLAN
partitions a traditional VLAN into sub-domains identied by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy
mechanism, support for conguration of VLT nodes in a PVLAN enables Layer 2 security functionalities. To achieve maximum VLT resiliency,
you should congure the PVLAN IDs and mappings to be identical on both the VLT peer nodes.
The association of PVLAN with the VLT LAG must also be identical. After the VLT LAG is congured to be a member of either the primary
or secondary PVLAN (which is associated with the primary), ICL becomes an automatic member of that PVLAN on both switches. This
association helps the PVLAN data ow received on one VLT peer for a VLT LAG to be transmitted on that VLT LAG from the peer.
You can associate either a VLT VLAN or a VLT LAG to a PVLAN. First congure the VLT interconnect (VLTi) or a VLT LAG by using the
peer-link port-channel id-number command or the VLT VLAN by using the peer-link port-channel id-number
peer-down-vlan vlan interface number command and the switchport command. After you specify the VLTi link and VLT
LAGs, you can associate the same port channel or LAG bundle that is a part of a VLT to a PVLAN by using the
interface interface
and switchport mode private-vlan commands.
When a VLTi port in trunk mode is a member of symmetric VLT PVLANs, the PVLAN packets are forwarded only if the PVLAN settings of
both the VLT nodes are identical. You can congure the VLTi in trunk mode to be a member of non-VLT PVLANs if the VLTi is congured
on both the peers. MAC address synchronization is performed for VLT PVLANs across peers in a VLT domain.
Keep the following points in mind when you congure VLT nodes in a PVLAN:
• Congure the VLTi link to be in trunk mode. Do not congure the VLTi link to be in access or promiscuous mode.
• You can congure a VLT LAG or port channel to be in trunk, access, or promiscuous port modes when you include the VLT LAG in a
PVLAN. The VLT LAG settings must be the same on both the peers. If you congure a VLT LAG as a trunk port, you can associate that
LAG to be a member of a normal VLAN or a PVLAN. If you congure a VLT LAG to be a promiscuous port, you can congure that LAG
to be a member of PVLAN only. If you congure a VLT LAG to be in access port mode, you can add that LAG to be a member of the
secondary VLAN only.
• ARP entries are synchronized even when a mismatch occurs in the PVLAN mode of a VLT LAG.
Any VLAN that contains at least one VLT port as a member is treated as a VLT VLAN. You can congure a VLT VLAN to be a primary,
secondary, or a normal VLAN. However, the VLT VLAN conguration must be symmetrical across peers. If the VLT LAG is tagged to any
one of the primary or secondary VLANs of a PVLAN, then both the primary and secondary VLANs are considered as VLT VLANs.
If you add an ICL or VLTi link as a member of a primary VLAN, the ICL becomes a part of the primary VLAN and its associated secondary
VLANs, similar to the behavior for normal trunk ports. VLAN parity is not validated if you associate an ICL to a PVLAN. Similarly, if you
dissociate an ICL from a PVLAN, although the PVLAN parity exists, ICL is removed from that PVLAN.
Association of VLTi as a Member of a PVLAN
If a VLAN is congured as a non-VLT VLAN on both the peers, the VLTi link is made a member of that VLAN if the VLTi link is congured as
a PVLAN or normal VLAN on both the peers. If a PVLAN is congured as a VLT VLAN on one peer and a non-VLT VLAN on another peer,
the VLTi is added as a member of that VLAN by verifying the PVLAN parity on both the peers. In such a case, if a PVLAN is present as a
VLT PVLAN on at least one of the peers, then symmetric conguration of the PVLAN is validated to cause the VLTi to be a member of that
VLAN. Whenever a change in the VLAN mode on one of the peers occurs, the information is synchronized with the other peer and VLTi is
either added or removed from the VLAN based on the validation of the VLAN parity.
Virtual Link Trunking (VLT)
865