Reference Guide
696 | Private VLANs
www.dell.com | support.dell.com
Private VLAN Concepts
The VLAN types in a private VLAN (PVLAN) include:
Community VLAN — A community VLAN is a type of secondary VLAN in a primary VLAN:
• Ports in a community VLAN can communicate with each other.
• Ports in a community VLAN can communicate with all promiscuous ports in the primary VLAN.
• A community VLAN can only contain ports configured as host.
Isolated VLAN — An isolated VLAN is a type of secondary VLAN in a primary VLAN:
• Ports in an isolated VLAN cannot talk directly to each other.
• Ports in an isolated VLAN can only communicate with promiscuous ports in the primary VLAN.
• An isolated VLAN can only contain ports configured as host.
Primary VLAN — A primary VLAN is the base VLAN of a private VLAN:
• A switch can have one or more primary VLANs, or none.
• A primary VLAN has one or more secondary VLANs.
• A primary VLAN and each of its secondary VLANs reduce the number of VLAN IDs available in the switch.
• A primary VLAN has one or more promiscuous ports.
• A primary VLAN might have one or more trunk ports, or none.
Secondary VLAN — A secondary VLAN is a subdomain of the primary VLAN. There are two types of secondary VLAN: community VLAN and isolated VLAN.
PVLAN port types:
• Community port: A community port is, by definition, a port that belongs to a community VLAN and is allowed to communicate with other ports in the same community VLAN and with promiscuous ports.
• Host port: A host port, in the context of a private VLAN, is a port in a secondary VLAN:
    • The port must first be assigned that role in INTERFACE mode.
    • A port assigned the host role cannot be added to a regular VLAN.
• Isolated port: An isolated port is, by definition, a port that, in Layer 2, can only communicate with promiscuous ports that are in the same PVLAN.
• Promiscuous port: A promiscuous port is, by definition, a port that is allowed to communicate with any other port type in the PVLAN:
    • A promiscuous port can be part of more than one primary VLAN.
    • A promiscuous port cannot be added to a regular VLAN.
• Trunk port: A trunk port, by definition, carries traffic between switches:
    • A trunk port in a PVLAN is always tagged.
    • Primary or secondary VLAN traffic is carried by the trunk port in tagged mode. The tag on the packet helps identify the VLAN to which the packet belongs.
    • A trunk port can also belong to a regular VLAN (non-private VLAN).
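The communication rules above, modeled as an added example (not from the Dell guide): a Python check that validates port roles and lists which port pairs may talk directly at Layer 2, useful for reviewing a planned segmentation before it is configured. The VLAN IDs, port names, the `_p` helper and the one-secondary-VLAN-per-host simplification are assumptions, and trunk ports are left out.

```python
from dataclasses import dataclass
from itertools import combinations
# Constructed layout (assumed IDs): primary VLAN 100 with community VLANs
# 101 and 102 and isolated VLAN 103. VLAN 200 stands for a regular VLAN.
SECONDARY = {101: ("community", 100), 102: ("community", 100), 103: ("isolated", 100)}
PRIMARIES = {100}

@dataclass(frozen=True)
class Port:
    name: str
    role: str         # "host" or "promiscuous"
    vlans: frozenset  # host: its secondary VLAN; promiscuous: its primary VLANs

def violations(port):
    """Rule violations for one port; an empty list means the port is valid."""
    if port.role == "host":
        # Assumption of this model: a host port sits in exactly one secondary VLAN.
        ok = len(port.vlans) == 1 and port.vlans <= set(SECONDARY)
        why = "host port must be in a secondary VLAN, not a regular VLAN"
    elif port.role == "promiscuous":
        ok = bool(port.vlans) and port.vlans <= PRIMARIES
        why = "promiscuous port may join primary VLANs only"
    else:
        ok, why = False, f"unknown role {port.role!r}"
    return [] if ok else [f"{port.name}: {why}"]

def can_talk(a, b):
    """True if ports a and b may exchange Layer 2 frames directly."""
    if a.role == b.role == "promiscuous":
        return bool(a.vlans & b.vlans)
    if "promiscuous" in (a.role, b.role):
        prom, host = (a, b) if a.role == "promiscuous" else (b, a)
        (sec,) = host.vlans
        return SECONDARY[sec][1] in prom.vlans
    (sa,), (sb,) = a.vlans, b.vlans
    # Host to host: only within the same community VLAN, never within isolated.
    return sa == sb and SECONDARY[sa][0] == "community"

def allowed_pairs(ports):
    """Validate every port, then return the set of name pairs that can talk."""
    bad = [msg for p in ports for msg in violations(p)]
    if bad:
        raise ValueError("; ".join(bad))
    return {frozenset((a.name, b.name)) for a, b in combinations(ports, 2) if can_talk(a, b)}

def _p(name, role, *vlans):
    return Port(name, role, frozenset(vlans))
PORTS = [_p("gw", "promiscuous", 100), _p("web1", "host", 101), _p("web2", "host", 101),
         _p("db1", "host", 102), _p("guest1", "host", 103), _p("guest2", "host", 103)]
```

Any pair missing from `allowed_pairs(PORTS)` can only reach each other through the promiscuous port, which is where filtering for that traffic would have to sit.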