Command Line Reference Guide

Chapter 47, Private VLAN (PVLAN)
Overview
Starting with FTOS 7.8.1.0, the Private VLAN (PVLAN) feature of FTOS is available for the C-Series
and S-Series.
Commands
ip local-proxy-arp
private-vlan mode
private-vlan mapping secondary-vlan
show interfaces private-vlan
show vlan private-vlan
show vlan private-vlan mapping
switchport mode private-vlan
Refer also to the following commands. The command output is augmented in FTOS 7.8.1.0 to
provide PVLAN data:
show arp in Chapter 26, IPv4 Routing
show vlan in Chapter 32, Layer 2
Private VLANs extend the FTOS security suite by providing Layer 2 isolation between ports within the
same private VLAN. A private VLAN partitions a traditional VLAN into subdomains identified by a
primary and secondary VLAN pair.
The FTOS private VLAN implementation is based on RFC 3069.
Private VLAN Concepts
Primary VLAN:
The primary VLAN is the base VLAN and can have multiple secondary VLANs. There are two
types of secondary VLAN — community VLAN and isolated VLAN:
A primary VLAN can have any number of community VLANs and isolated VLANs.
Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic
received from an isolated port is forwarded only to promiscuous ports or trunk ports.
Community VLAN:
A community VLAN is a secondary VLAN of the primary VLAN:
Ports in a community VLAN can talk to each other. Also, all ports in a community VLAN can talk
to all promiscuous ports in the primary VLAN and vice-versa.
Devices on a community VLAN can communicate with each other via member ports, while
devices in an isolated VLAN cannot.
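
The forwarding rules described above can be checked against an intended segmentation policy before ports are configured. The following is an added example, not FTOS code or part of the original guide: a small Python model of the promiscuous, community and isolated port rules for a single switch. Port names, VLAN IDs and the policy list are constructed; trunk ports are left out, and promiscuous-to-promiscuous forwarding is an assumption the page does not state.

```python
from dataclasses import dataclass
from itertools import permutations
from typing import Optional

PROMISCUOUS, COMMUNITY, ISOLATED = "promiscuous", "community", "isolated"

@dataclass(frozen=True)
class Port:
    name: str
    primary: int                      # primary VLAN ID
    role: str                         # PROMISCUOUS, COMMUNITY or ISOLATED
    secondary: Optional[int] = None   # secondary VLAN ID (host ports only)

def can_forward(src: Port, dst: Port) -> bool:
    """Layer 2 forwarding decision between two ports of one switch."""
    if src.name == dst.name or src.primary != dst.primary:
        return False
    if PROMISCUOUS in (src.role, dst.role):
        return True   # promiscuous <-> promiscuous is assumed, not stated on the page
    if src.role == dst.role == COMMUNITY:
        return src.secondary == dst.secondary   # same community VLAN only
    return False      # isolated <-> isolated, isolated <-> community, community A <-> B

def allowed_pairs(ports):
    """All ordered (src, dst) name pairs the PVLAN design lets through."""
    return {(a.name, b.name) for a, b in permutations(ports, 2) if can_forward(a, b)}

def audit(ports, must_not_reach):
    """Return the policy pairs that the port assignment fails to isolate."""
    return sorted(set(must_not_reach) & allowed_pairs(ports))

# Constructed sample design: primary VLAN 10, community VLANs 101/102, isolated VLAN 100.
PORTS = [
    Port("uplink", 10, PROMISCUOUS),
    Port("web1", 10, COMMUNITY, 101),
    Port("web2", 10, COMMUNITY, 101),
    Port("db1", 10, COMMUNITY, 102),
    Port("guest1", 10, ISOLATED, 100),
    Port("guest2", 10, ISOLATED, 100),
    Port("backup", 10, COMMUNITY, 101),   # misassigned: policy wants it isolated from web
]
# Constructed policy: pairs that must not reach each other at Layer 2.
POLICY = [("guest1", "guest2"), ("web1", "db1"), ("web1", "backup"), ("backup", "web2")]

if __name__ == "__main__":
    for pair in audit(PORTS, POLICY):
        print("not isolated:", pair)
```

The audit flags only the pairs involving the misassigned backup port; the model covers Layer 2 forwarding only and does not account for ip local-proxy-arp.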