440 | Private VLAN (PVLAN)
www.dell.com | support.dell.com
Private VLAN Concepts
Primary VLAN:
The primary VLAN is the base VLAN and can have multiple secondary VLANs. There are two types of
secondary VLAN — community VLAN and isolated VLAN:
• A primary VLAN can have any number of community VLANs and isolated VLANs.
• Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic
received from an isolated port is forwarded only to promiscuous ports or trunk ports.
Community VLAN:
A community VLAN is a secondary VLAN of the primary VLAN:
• Ports in a community VLAN can talk to each other. Also, all ports in a community VLAN can talk
to all promiscuous ports in the primary VLAN and vice-versa.
• Devices on a community VLAN can communicate with each other via member ports, while
devices in an isolated VLAN cannot.
Isolated VLAN:
An isolated VLAN is a secondary VLAN of the primary VLAN:
• Ports in an isolated VLAN cannot talk to each other. Servers would be mostly connected to
isolated VLAN ports.
• Isolated ports can talk to promiscuous ports in the primary VLAN, and vice-versa.
Port types:
• Community port: A community port is, by definition, a port that belongs to a community VLAN
and is allowed to communicate with other ports in the same community VLAN and with
promiscuous ports.
• Isolated port: An isolated port is, by definition, a port that, in Layer 2, can only communicate
with promiscuous ports that are in the same PVLAN.
• Promiscuous port: A promiscuous port is, by definition, a port that is allowed to communicate
with any other port type.
• Trunk port: A trunk port, by definition, carries VLAN traffic across switches:
• A trunk port in a PVLAN is always tagged.
• Primary or secondary VLAN traffic is carried by the trunk port in tagged mode. The tag on the
packet helps identify the VLAN to which the packet belongs.
• A trunk port can also belong to a regular VLAN (non-private VLAN).
ip local-proxy-arp
Enable/disable Layer 3 communication between secondary VLANs in a private VLAN.
Syntax
[no] ip local-proxy-arp
To disable Layer 3 communication between secondary VLANs in a private VLAN, use the no ip
local-proxy-arp
command in INTERFACE VLAN mode for the primary VLAN.
To Next Page
Loading...
