Dell Force10 S55T S55 Configuration Guide FTOS 8.3.5.3 - Page 544
Inspecting the Private VLAN Configuration, FTOS Command, Reference
View all Dell Force10 S55T manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 544 highlights
www.dell.com | support.dell.com The result is that: • The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports. • The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports • The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000. • All the ports in the secondary VLANs (both community and isolated VLANs) can only communicate with ports in the other secondary VLANs of that PVLAN over Layer 3, and only when the command ip local-proxy-arp is invoked in the primary VLAN. Note: Even after ip-local-proxy-arp is disabled (no ip-local-proxy-arp) in a secondary VLAN, Layer 3 communication may happen between some secondary VLAN hosts, until the ARP timeout happens on those secondary VLAN hosts. In parallel, on S50-1: • Gi 0/3 is a promiscuous port and Gi 0/25 is a PVLAN trunk port, assigned to the primary VLAN 4000. • Gi 0/4-6 are host ports. Gi 0/4 and Gi 0/5 are assigned to the community VLAN 4001, while Gi 0/6 is assigned to the isolated VLAN 4003. The result is that: • The S50V ports would have the same intra-switch communication characteristics as described above for the C300. • For transmission between switches, tagged packets originating from host PVLAN ports in one secondary VLAN and destined for host PVLAN ports in the other switch travel through the promiscuous ports in the local VLAN 4000 and then through the trunk ports (0/25 in each switch). Inspecting the Private VLAN Configuration The standard methods of inspecting configurations also apply in PVLANs: • Within the INTERFACE and INTERFACE VLAN modes, use the show config command to display the specific interface configuration. • Inspect the running-config, and, with the grep pipe option (show running-config | grep string), you can display a specific part of the running-config. Figure 29-8 shows the PVLAN parts of the running-config from the S50V switch in the topology diagram shown in Figure 29-3, above. • You can also use one of three show commands that are specific to the Private VLAN feature: • show interfaces private-vlan [interface interface]: Display the type and status of the configured PVLAN interfaces. See the example output in the Security chapter of the FTOS Command Reference. • show vlan private-vlan [community | interface | isolated | primary | primary_vlan | interface interface]: Display the configured PVLANs or interfaces that are part of a PVLAN. Figure 29-4 shows the results of using the command without command options on the C300 switch in the topology diagram shown in Figure 29-3, above, while Figure 29-5 shows the results on the S50V. 544 | Private VLANs