40

Private VLAN (PVLAN)

The private VLAN (PVLAN) feature of the Dell Networking operating software is supported on the S6000 platforms.

Private VLANs extend the Dell Networking OS security suite by providing Layer 2 isolation between ports within the same private VLAN. A private VLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. The Dell Networking OS private VLAN implementation is based on RFC 3069.

For more information, refer to the following commands. The command output is augmented in Dell Networking OS version 7.8.1.0 at later to provide PVLAN data:

show arp

show vlan

Private VLAN Concepts

Primary VLAN:

The primary VLAN is the base VLAN and can have multiple secondary VLANs. There are two types of secondary VLAN — community VLAN and isolated VLAN:

A primary VLAN can have any number of community VLANs and isolated VLANs.

Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports or trunk ports.

Community VLAN:

A community VLAN is a secondary VLAN of the primary VLAN:

Ports in a community VLAN can talk to each other. Also, all ports in a community VLAN can talk to all promiscuous ports in the primary VLAN and vice versa.

Devices on a community VLAN can communicate with each other using member ports, while devices in an isolated VLAN cannot.

Isolated VLAN:

An isolated VLAN is a secondary VLAN of the primary VLAN:

Ports in an isolated VLAN cannot talk to each other. Servers would be mostly connected to isolated VLAN ports.

Isolated ports can talk to promiscuous ports in the primary VLAN, and vice versa.

1222

Private VLAN (PVLAN)

Page 1222
Image 1222
Dell 9.7(0.0) manual Private Vlan Pvlan, Private Vlan Concepts