802 | Private VLANs (PVLAN)
www.dell.com | support.dell.com
The result is that:
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous
ports.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous
ports
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary
VLAN 4000.
• All the ports in the secondary VLANs (both community and isolated VLANs) can only communicate
with ports in the other secondary VLANs of that PVLAN over Layer 3, and only when the command
ip
local-proxy-arp
is invoked in the primary VLAN.
In parallel, on S50-1:
• Gi 0/3 is a promiscuous port and Gi 0/25 is a PVLAN trunk port, assigned to the primary VLAN 4000.
• Gi 0/4-6 are host ports. Gi 0/4 and Gi 0/5 are assigned to the community VLAN 4001, while Gi 0/6 is
assigned to the isolated VLAN 4003.
The result is that:
• The S50V ports would have the same intra-switch communication characteristics as described above
for the C300.
• For transmission between switches, tagged packets originating from host PVLAN ports in one
secondary VLAN and destined for host PVLAN ports in the other switch travel through the
promiscuous ports in the local VLAN 4000 and then through the trunk ports (0/25 in each switch).
Inspecting the Private VLAN Configuration
The standard methods of inspecting configurations also apply in PVLANs:
• Within the INTERFACE and INTERFACE VLAN modes, use the
show config command to display the
specific interface configuration.
• Inspect the running-config, and, with the
grep pipe option (show running-config | grep string), you can
display a specific part of the running-config. Figure 37-8 shows the PVLAN parts of the
running-config from the S50V switch in the topology diagram shown in Figure 37-3, above.
• You can also use one of three
show commands that are specific to the Private VLAN feature:
•
show interfaces private-vlan [interface interface]: Display the type and status of the configured
PVLAN interfaces. See the example output in the Security chapter of the
FTOS Command Line
Reference.
•
show vlan private-vlan [community | interface | isolated | primary | primary_vlan | interface interface]:
Display the configured PVLANs or interfaces that are part of a PVLAN. Figure 37-4 shows the
results of using the command without command options on the C300 switch in the topology
diagram shown in Figure 37-3, above, while Figure 37-5 shows the results on the S50V.
Note: Even after ip-local-proxy-arp is disabled (no ip-local-proxy-arp) in a secondary VLAN, Layer 3
communication may happen between some secondary VLAN hosts, until the ARP timeout happens on
those secondary VLAN hosts.
To Next Page
Loading...
