Fsx devices – Brocade FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide User Manual

community - Broadcasts and unknown unicasts received on community ports are sent to the primary port and also are flooded to the other ports in the community VLAN.

isolated - Broadcasts and unknown unicasts received on isolated ports are sent only to the primary port. They are not flooded to other ports in the isolated VLAN.

primary - The primary PVLAN ports are "promiscuous". They can communicate with all the isolated PVLAN ports and community PVLAN ports in the isolated and community VLANs that are mapped to the promiscuous port.

Changing from one PVLAN type to another (for example, from primary to community or vice versa) is
allowed but the mapping will be removed.

Enabling broadcast or unknown unicast traffic to the PVLAN on FSX devices

To enhance PVLAN security, the primary PVLAN does not forward broadcast or unknown unicast
packets to its community and isolated VLANs. For example, if port 3/2 in Figure 91 on page 411
receives a broadcast packet from the firewall, the port does not forward the packet to the other PVLAN
ports (3/5, 3/6, 3/9, and 3/10).

This forwarding restriction does not apply to traffic from the secondary PVLAN. The primary port does
forward broadcast and unknown unicast packets that are received from the isolated and community
VLANs. For example, if the host on port 3/9 sends an unknown unicast packet, port 3/2 forwards the
packet to the firewall.

To remove the forwarding restriction of the primary VLAN, you can enable the primary port to
forward broadcast or unknown unicast traffic using the following CLI method. Forwarding of
broadcast packets and forwarding of unknown unicast packets are enabled or disabled separately.

NOTE
On Layer 2 switches and Layer 3 switches, you also can use MAC address filters to control the traffic
forwarded into and out of the PVLAN. In addition, if you are using a Layer 2 switch, you also can use
ACLs.

Command syntax

To configure the ports in the primary VLAN to forward broadcast or unknown unicast and multicast
traffic received from sources outside the PVLAN, enter the following commands at the global CONFIG
level of the CLI.

Brocade(config)# pvlan-preference broadcast flood

Brocade(config)# pvlan-preference unknown-unicast flood

These commands enable forwarding of broadcast and unknown-unicast packets to ports within the
PVLAN. To again disable forwarding, enter a command such as the following.

Brocade(config)# no pvlan-preference broadcast flood

This command disables forwarding of broadcast packets within the PVLAN.

Syntax: [no] pvlan-preference broadcast | unknown-unicast flood

NOTE
The pvlan-preference broadcast and pvlan-preference unknown-unicast commands are not supported
on the FCX and ICX platforms. These are supported on all the other FastIron platforms.
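
The forwarding rules described in this section, modelled as an added example (not code from the Brocade guide): it reads pvlan-preference commands and computes which ports a broadcast or unknown unicast is sent to, so a configuration review can see what the relaxed setting exposes. The split of ports 3/5 and 3/6 (community) and 3/9 and 3/10 (isolated), the sample command list, and all function names are assumptions.

```python
# Constructed port roles. Which of 3/5, 3/6, 3/9 and 3/10 are community or
# isolated is an assumption: Figure 91 is not reproduced on this page.
ROLES = {"3/2": "primary", "3/5": "community", "3/6": "community",
         "3/9": "isolated", "3/10": "isolated"}

# Constructed sample: commands in the order entered; the later "no" form wins.
SAMPLE = """\
Brocade(config)# pvlan-preference broadcast flood
Brocade(config)# pvlan-preference unknown-unicast flood
Brocade(config)# no pvlan-preference broadcast flood
"""

def parse_preferences(text):
    """Return the effective flood setting for each traffic kind."""
    prefs = {"broadcast": False, "unknown-unicast": False}
    for line in text.splitlines():
        words = line.split("#", 1)[-1].split()  # drop a CLI prompt if present
        negate = words[:1] == ["no"]
        if negate:
            words = words[1:]
        if (len(words) == 3 and words[0] == "pvlan-preference"
                and words[1] in prefs and words[2] == "flood"):
            prefs[words[1]] = not negate
    return prefs

def egress_ports(ingress, kind, prefs, roles=ROLES):
    """Ports that receive a broadcast or unknown-unicast frame from ingress."""
    primaries = {p for p, r in roles.items() if r == "primary"}
    role = roles[ingress]
    if role == "isolated":
        return primaries                       # primary port only
    if role == "community":
        # Simplification: all community ports share one community VLAN.
        peers = {p for p, r in roles.items() if r == "community" and p != ingress}
        return primaries | peers
    # Primary ingress: no flooding unless the matching preference is enabled.
    if prefs[kind]:
        return {p for p, r in roles.items() if r != "primary"}
    return set()

def audit(text):
    """List the traffic kinds for which the primary VLAN restriction is lifted."""
    prefs = parse_preferences(text)
    return [f"pvlan-preference {kind} flood enabled: primary port floods to "
            f"{sorted(egress_ports('3/2', kind, prefs))}"
            for kind, on in sorted(prefs.items()) if on]
```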

FastIron Ethernet Switch Platform and Layer 2 Switching Configuration Guide

53-1003086-04