Home » Dell Manuals » Servers » Dell Force10 MXL Blade » Manual Viewer

Dell Force10 MXL Blade MXL 10/40GbE Switch IO Module FTOS Command Line Referen - Page 440

Private VLAN Concepts

View all Dell Force10 MXL Blade manuals

Add to My Manuals
Save this manual to your list of manuals

Page 440 highlights

www.dell.com | support.dell.com Private VLAN Concepts Primary VLAN: The primary VLAN is the base VLAN and can have multiple secondary VLANs. There are two types of secondary VLAN - community VLAN and isolated VLAN: • A primary VLAN can have any number of community VLANs and isolated VLANs. • Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports or trunk ports. Community VLAN: A community VLAN is a secondary VLAN of the primary VLAN: • Ports in a community VLAN can talk to each other. Also, all ports in a community VLAN can talk to all promiscuous ports in the primary VLAN and vice-versa. • Devices on a community VLAN can communicate with each other via member ports, while devices in an isolated VLAN cannot. Isolated VLAN: An isolated VLAN is a secondary VLAN of the primary VLAN: • Ports in an isolated VLAN cannot talk to each other. Servers would be mostly connected to isolated VLAN ports. • Isolated ports can talk to promiscuous ports in the primary VLAN, and vice-versa. Port types: • Community port: A community port is, by definition, a port that belongs to a community VLAN and is allowed to communicate with other ports in the same community VLAN and with promiscuous ports. • Isolated port: An isolated port is, by definition, a port that, in Layer 2, can only communicate with promiscuous ports that are in the same PVLAN. • Promiscuous port: A promiscuous port is, by definition, a port that is allowed to communicate with any other port type. • Trunk port: A trunk port, by definition, carries VLAN traffic across switches: • A trunk port in a PVLAN is always tagged. • Primary or secondary VLAN traffic is carried by the trunk port in tagged mode. The tag on the packet helps identify the VLAN to which the packet belongs. • A trunk port can also belong to a regular VLAN (non-private VLAN). ip local-proxy-arp Enable/disable Layer 3 communication between secondary VLANs in a private VLAN. Syntax [no] ip local-proxy-arp To disable Layer 3 communication between secondary VLANs in a private VLAN, use the no ip local-proxy-arp command in INTERFACE VLAN mode for the primary VLAN. 440 | Private VLAN (PVLAN)

Section	Page
About this Guide	9
Objectives	9
Audience	9
Conventions	9
Information Symbols	10
Related Documents	10
CLI Basics	11
Accessing the Command Line	11
Multiple Configuration Users	12
Navigating the Command Line Interface	12
Obtaining Help	13
Using the Keyword no	15
Filtering show Commands	15
Displaying All Output	16
Filtering Command Output Multiple Times	16
Command Modes	16
EXEC Mode	16
EXEC Privilege Mode	17
CONFIGURATION Mode	17
INTERFACE Mode	17
LINE Mode	18
MAC ACCESS LIST Mode	18
IP ACCESS LIST Mode	18
ROUTE-MAP Mode	18
PREFIX-LIST Mode	19
SPANNING TREE Mode	19
Per-VLAN SPANNING TREE Plus Mode	19
RAPID SPANNING TREE Mode	19
MULTIPLE SPANNING TREE Mode	20
PROTOCOL GVRP Mode	20
ROUTER OSPF Mode	20
ROUTER RIP Mode	20
File Management	21
Overview	21
Basic File Management Commands	21
Control and Monitoring	37
Commands	37
Important Points to Remember	67
u-Boot	81
Overview	81
Commands	81
Access Control Lists (ACL)	91
Overview	91
Commands Common to all ACL Types	91
Common IP ACL Commands	94
Standard IP ACL Commands	98
Extended IP ACL Commands	102
Common MAC Access List Commands	117
Standard MAC ACL Commands	120
Extended MAC ACL Commands	123
IP Prefix List Commands	127
Route Map Commands	132
Bare Metal Provisioning	143
Overview	143
Commands	143
Content Addressable Memory (CAM)	147
Overview	147
CAM Profile Commands	147
Important Points to Remember	147
Data Center Bridging	153
Overview	153
DCB Command	153
PFC Commands	153
ETS Commands	154
DCBX Commands	154
Dynamic Host Configuration Protocol (DHCP)	187
Overview	187
Commands to Configure the System to be a DHCP Server	187
Commands to Configure the System to be a DHCP Client	194
Other Commands supported by DHCP Client	195
Commands to Configure Secure DHCP	198
FIP Snooping	205
Overview	205
GARP VLAN Registration (GVRP)	217
Commands	217
Important Points to Remember	218
Internet Group Management Protocol (IGMP)	227
IGMP Snooping Commands	227
Important Points to Remember for IGMP Snooping	227
Important Points to Remember for IGMP Querier	228
Interfaces	235
Overview	235
Basic Interface Commands	235
Port Channel Commands	277
Time Domain Reflectometer (TDR)	284
Important Points to Remember	284
UDP Broadcast	286
Important Points to Remember	286
IPv4 Routing	289
Commands	289
iSCSI Optimization	323
Overview	323
Link Aggregation Control Protocol (LACP)	331
Overview	331
Commands	331
Layer 2	337
Overview	337
MAC Addressing Commands	337
Virtual LAN (VLAN) Commands	347
Link Layer Discovery Protocol (LLDP)	355
Overview	355
Commands	355
LLDP-MED Commands	363
Multiple Spanning Tree Protocol (MSTP)	371
Overview	371
Commands	371
Open Shortest Path First (OSPFv2)	385
Overview	385
OSPFv2 Commands	385
Port Monitoring	433
Overview	433
Commands	433
Important Points to Remember	433
Private VLAN (PVLAN)	439
Commands	439
Private VLAN Concepts	440
Per-VLAN Spanning Tree Plus (PVST+)	449
Overview	449
Commands	449
Quality of Service (QoS)	461
Overview	461
Global Configuration Commands	461
Per-Port QoS Commands	462
Policy-Based QoS Commands	467
Routing Information Protocol (RIP)	491
Overview	491
Commands	491
Remote Monitoring (RMON)	507
Overview	507
Commands	507
Rapid Spanning Tree Protocol (RSTP)	519
Overview	519
Commands	519
Security	531
Commands	531
AAA Accounting Commands	531
Authorization and Privilege Commands	534
Authentication and Password Commands	537
RADIUS Commands	548
TACACS+ Commands	552
SSH Server and SCP Commands	555
Secure DHCP Commands	566
sFlow	571
Overview	571
Important Points to Remember	571
Commands	572
Simple Network Management Protocol (SNMP) and Syslog	579
Overview	579
SNMP Commands	579
Important Points to Remember	580
Syslog Commands	594
Storm Control	605
Overview	605
Commands	605
Important Points to Remember	605
Stacking Commands	611
Overview	611
Commands	611
Spanning Tree Protocol (STP)	621
Overview	621
System Time and Date	631
Overview	631
Commands	631
Uplink Failure Detection (UFD)	645
Overview	645
Commands	645
VLAN Stacking	655
Overview	655
Important Points to Remember	655
Virtual Router Redundancy Protocol (VRRP)	663
IPv4 VRRP Commands	663
Debugging and Diagnostics	675
Offline Diagnostic Commands	675
Important Points to Remember	675
Buffer Tuning Commands	677
Hardware Commands	682
Internet Control Message Protocol (ICMP) Message Types	695
SNMP Traps	697
Index	701

Match case Limit results 1 per page

440

Private VLAN (PVLAN)

www.dell.com | support.dell.com

Private VLAN Concepts

Primary VLAN

The

primary VLAN

is the base VLAN and can have multiple secondary VLANs. There are two types of

secondary VLAN —

community VLAN

and

isolated VLAN

•

A primary VLAN can have any number of community VLANs and isolated VLANs.

•

Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic

received from an isolated port is forwarded only to promiscuous ports or trunk ports.

Community VLAN

A community VLAN is a secondary VLAN of the primary VLAN:

•

Ports in a community VLAN can talk to each other. Also, all ports in a community VLAN can talk

to all

promiscuous ports

in the primary VLAN and vice-versa.

•

Devices on a community VLAN can communicate with each other via member ports, while

devices in an isolated VLAN cannot.

Isolated VLAN

An isolated VLAN is a secondary VLAN of the primary VLAN:

•

Ports in an isolated VLAN cannot talk to each other. Servers would be mostly connected to

isolated VLAN ports.

•

Isolated ports can talk to promiscuous ports in the primary VLAN, and vice-versa.

Port types

•

Community

port:

community port

is, by definition, a port that belongs to a community VLAN

and is allowed to communicate with other ports in the same community VLAN and with

promiscuous ports.

•

Isolated

port:

isolated port

is, by definition, a port that, in Layer 2, can only communicate

with promiscuous ports that are in the same PVLAN.

•

Promiscuous port:

promiscuous port

is, by definition, a port that is allowed to communicate

with any other port type.

•

Trunk port

: A

trunk port

, by definition, carries VLAN traffic across switches:

•

A trunk port in a PVLAN is always tagged.

•

Primary or secondary VLAN traffic is carried by the trunk port in tagged mode. The tag on the

packet helps identify the VLAN to which the packet belongs.

•

A trunk port can also belong to a regular VLAN (non-private VLAN).

ip local-proxy-arp

Enable/disable Layer 3 communication between secondary VLANs in a private VLAN.

Syntax

[

]

ip local-proxy-arp

To disable Layer 3 communication between secondary VLANs in a private VLAN, use the

no ip

local-proxy-arp

command in INTERFACE VLAN mode for the primary VLAN.