Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide 301
53-1002269-02
Configuring private VLANs
10
Secondary – Secondary private VLANs are secure VLANs that are separated from the rest of
the network by the primary private VLAN. Every secondary private VLAN is associated with a
primary private VLAN. The two types of secondary private VLANs are isolated private VLANs and
community private VLANs.
  Isolated – Broadcast and unknown-unicast packets received on isolated ports are sent
  only to the primary port. They are not flooded to other ports in the isolated VLAN.
  On PowerConnect B-Series TI24X devices, broadcast, unknown-unicast, and
  unregistered-multicast packets received on isolated ports are sent to the primary port.
  They are not flooded to other ports in the isolated VLAN.
  Community – Broadcast and unknown-unicast packets received on community ports are sent to
  the primary port and are also flooded to the other ports in the community VLAN.
  On PowerConnect B-Series TI24X devices, broadcast, unknown-unicast, and
  unregistered-multicast packets received on community ports are sent to the primary port
  and are flooded to the other ports in the community VLAN.
Each private VLAN must have a primary VLAN. The primary VLAN is the interface between the
secured ports and the rest of the network. The private VLAN can have any combination of
community and isolated VLANs. The community VLAN and isolated VLAN cannot forward traffic to
each other. You cannot forward traffic between different private VLANs.
Table 42 lists the differences between private VLANs and standard VLANs.
Configuration notes
NOTE
PowerConnect B-Series TI24X devices support 802.1Q tagged ports on private VLANs. Private VLAN
is a hardware-based feature. Private VLANs on the PowerConnect device forward unknown-unicast,
unregistered-multicast, and broadcast packets in hardware.
Normally, in any port-based VLAN, the device floods unknown unicast, unregistered multicast,
and broadcast packets in hardware, although selective packets, such as IGMP, may be sent
only to the CPU for analysis, based on the IGMP snooping configuration. When Protocol or
Subnet VLANs are enabled, or if private VLAN mappings are enabled, the device will flood
unknown unicast, unregistered multicast, and broadcast packets in software.
There is currently no support for IGMP snooping within private VLANs. In order for clients in
private VLANs to receive multicast traffic, IGMP snooping must be disabled so that all multicast
packets are treated as unregistered packets and are flooded in software to all the ports.
TABLE 42 Comparison of private VLANs and standard port-based VLANs

| Forwarding behavior | Private VLANs | Standard VLANs |
|---|---|---|
| All ports within a VLAN constitute a common Layer 2 broadcast domain | No | Yes |
| Broadcasts and unknown unicasts are forwarded to all the VLAN ports by default | No (isolated VLAN); Yes (community VLAN) | Yes |
| Known unicasts | Yes (forwarding is done only between ports of the same community VLAN and the primary VLAN port) | Yes |
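
The forwarding rules in this section and in Table 42 can be checked against a planned port assignment before it is configured. The following model is an added example, not part of the guide or of the device software; the port names, VLAN IDs and function names are constructed, and it assumes that known unicasts between an isolated port and the primary port are permitted.

```python
from itertools import combinations

# Constructed sample plan (not from the guide): port -> (role, VLAN ID)
PORTS = {
    "e1": ("primary", 7),
    "e2": ("isolated", 902),
    "e3": ("isolated", 902),
    "e4": ("community", 901),
    "e5": ("community", 901),
    "e6": ("community", 903),
}

def flood_targets(ports, ingress):
    """Egress ports for a broadcast or unknown unicast received on a secondary port."""
    role, vlan = ports[ingress]
    if role == "primary":
        # The section only describes flooding for isolated and community ingress.
        raise ValueError("flooding from the primary port is not modelled")
    # Isolated and community ports both send flooded traffic to the primary port.
    out = {p for p, (r, _) in ports.items() if r == "primary"}
    if role == "community":
        # Community ports also flood to the other ports of their own community VLAN.
        out |= {p for p, (r, v) in ports.items() if r == "community" and v == vlan}
    out.discard(ingress)
    return out

def can_exchange(ports, a, b):
    """Known-unicast rule from Table 42: same community VLAN or the primary port.

    Assumption: an isolated port may also exchange known unicasts with the primary port.
    """
    (ra, va), (rb, vb) = ports[a], ports[b]
    if "primary" in (ra, rb):
        return True
    return ra == rb == "community" and va == vb

def lateral_pairs(ports):
    """Pairs of secondary ports that can reach each other without the primary port."""
    return sorted(
        (a, b) for a, b in combinations(sorted(ports), 2)
        if "primary" not in (ports[a][0], ports[b][0]) and can_exchange(ports, a, b)
    )

if __name__ == "__main__":
    for port in ("e2", "e4", "e6"):
        print(port, "floods to", sorted(flood_targets(PORTS, port)))
    print("direct secondary-to-secondary paths:", lateral_pairs(PORTS))
```

Any pair reported by `lateral_pairs` is a path that bypasses whatever filtering sits behind the primary port, so hosts that must not reach each other belong on isolated ports or in different community VLANs.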