Users Guide
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.
• All the ports in the secondary VLANs (both community and isolated VLANs) can only communicate with ports in the other
secondary VLANs of that PVLAN over Layer 3, and only when the ip local-proxy-arp command is invoked in the primary
VLAN.
NOTE: Even after you disable ip-local-proxy-arp (no ip-local-proxy-arp) in a secondary VLAN, Layer 3
communication may happen between some secondary VLAN hosts, until the ARP timeout happens on those secondary
VLAN hosts.
In parallel, on S5000-2:
• TenGig 0/3 is a promiscuous port and TenGig 0/25 is a PVLAN trunk port, assigned to the primary VLAN 4000.
• TenGig 0/4-6 are host ports. TenGig 0/4 and TenGig 0/5 are assigned to the community VLAN 4001, while TenGig 0/6 is
assigned to the isolated VLAN 4003.
The result is that:
• The S5000-2 ports would have the same intra-switch communication characteristics as described previously for the S5000-1.
• For transmission between switches, tagged packets originating from host PVLAN ports in one secondary VLAN and destined for
host PVLAN ports in the other switch travel through the promiscuous ports in the local VLAN 4000 and then through the trunk
ports (0/25 in each switch).
Inspecting the Private VLAN Conguration
The standard methods of inspecting congurations also apply in PVLANs.
To inspect your PVLAN congurations, use the following commands.
• Display the specic interface conguration.
INTERFACE mode and INTERFACE VLAN mode
show config
• Inspect the running-cong, and, with the grep pipe option, display a specic part of the running-cong.
show running-config | grep string
The following example shows the PVLAN parts of the running-cong from the S5000–2 switch in the topology diagram
previously shown.
• Display the type and status of the congured PVLAN interfaces.
show interfaces private-vlan [interface interface]
This command is specic to the PVLAN feature.
For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide.
• Display the congured PVLANs or interfaces that are part of a PVLAN.
show vlan private-vlan [community | interface | isolated | primary | primary_vlan |
interface interface]
This command is specic to the PVLAN feature.
The following examples show the results of using this command without the command options on the S5000–1 switch in the
topology diagram previously shown.
• Display the primary-secondary VLAN mapping. The following example shows the output from the S5000–2.
show vlan private-vlan mapping
This command is specic to the PVLAN feature.
Examples of Viewing a Private VLAN using the show Commands
The show arp and show vlan commands are revised to display PVLAN data.
686
Private VLANs (PVLAN)