diff --git a/docs/en-US/networks.xml b/docs/en-US/networks.xml
index b557088273f..d1fc541659a 100644
--- a/docs/en-US/networks.xml
+++ b/docs/en-US/networks.xml
@@ -48,6 +48,7 @@
+
diff --git a/docs/en-US/pvlan.xml b/docs/en-US/pvlan.xml
index e3f2ea3ace7..f0cdbac94e3 100644
--- a/docs/en-US/pvlan.xml
+++ b/docs/en-US/pvlan.xml
@@ -110,20 +110,16 @@
url="http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml"
>Private VLAN Catalyst Switch Support Matrixfor more information.
-
- Connect a switch to the gateway; connect additional switches to the gateway via a
- trunk port: Only Cisco Catalyst 4500 has the PVLAN promiscuous trunk mode to connect both
- normal VLAN and PVLAN to a PVLAN-unaware switch. For other Catalyst PVLAN support switch,
- connect the switch to upper switch by using cables. The number of cables should be greater
- than the number of PVLANs used.
-
All the layer 2 switches, which are PVLAN-aware, are connected to each other, and one
of them is connected to a router. All the ports connected to the host would be configured
- in trunk mode. Allow Management VLAN, Primary VLAN (public) and secondary Isolated VLAN
+ in trunk mode. Open Management VLAN, Primary VLAN (public) and Secondary Isolated VLAN
ports. Configure the switch port connected to the router in PVLAN promiscuous trunk mode,
- which would translate an isolated VLAN to primary VLAN for router, which is PVLAN-unaware.
-
+ which would translate an isolated VLAN to primary VLAN for the PVLAN-unaware router.
+ Note that only Cisco Catalyst 4500 has the PVLAN promiscuous trunk mode to connect
+ both normal VLAN and PVLAN to a PVLAN-unaware switch. For other Catalyst PVLAN support
+ switch, connect the switch to upper switch by using cables. The number of cables should be
+ greater than the number of PVLANs used.
If your Catalyst switch supports PVLAN, but not PVLAN promiscuous trunk mode, perform
@@ -137,15 +133,15 @@
For each PVLAN, perform the following:
- Connect one port of the Catalyst switch to the upper switch.
+ Connect a port of the Catalyst switch to the upper switch.
Set the port in the Catalyst Switch in promiscuous mode for one pair of
- PVLAN
+ PVLAN.
- Set the port in upper switch to access mode, and allow only the traffic of
- primary VLAN of the PVLAN pair.
+ Set the port in the upper switch to access mode, and allow only the traffic of
+ the primary VLAN of the PVLAN pair.
@@ -154,10 +150,90 @@
Configure private VLAN on your physical switches out-of-band.
+
+ Open vSwitch (OVS) used by XenServer and KVM does not support PVLAN. Therefore,
+ simulate PVLAN on OVS for XenServer and KVM by modifying the flow table to achieve the
+ following:
+
+
+ For every traffic leaving user VMs, tag with the secondary isolated VLAN
+ ID.
+
+
+ Change the VLAN ID to primary VLAN ID.
+ This allows the traffic which is tagged with the secondary isolated VLAN ID reach
+ the DHCP server.
+
+
+ The gateway is PVLAN-unaware; therefore, the switch connected to the gateway
+ should translate all the secondary VLAN to primary VLAN for communicating with the
+ gateway.
+
+
+
-
-
+ Creating a PVLAN-Enabled Guest Network
+
+
+ Log in to the CloudPlatform UI as administrator.
+
+
+ In the left navigation, choose Infrastructure.
+
+
+ On Zones, click View More.
+
+
+ Click the zone to which you want to add a guest network.
+
+
+ Click the Physical Network tab.
+
+
+ Click Add guest network.
+ The Add guest network window is displayed.
+
+
+ Specify the following:
+
+
+ Name:
+
+
+ Description:
+
+
+ VLAN ID:
+
+
+ Private VLAN ID:
+
+
+ Scope:
+
+
+ Network Offering:
+
+
+ Gateway:
+
+
+ Netmask:
+
+
+ IP Range:
+
+
+ IPv6 CIDR:
+
+
+ Network Domain:
+
+
+
+ Click OK to confirm.
+