Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON

661

662

663

664

665

666

667

668

669

670

● You can configure a regular VLAN as a PVLAN only when it does not have any member ports associated with it. Remove the

member ports from a VLAN before you configure it as a PVLAN.

● To convert a PVLAN to a regular VLAN, you must remove the PVLAN mode. Ensure that you remove the member ports from

the PVLAN and the primary and secondary VLAN mapping before you remove the PVLAN mode.

● You can configure an L2 switch port as a PVLAN port using the private-vlan mode {promiscuous | secondary-

port} command. To convert the PVLAN port back to a regular L2 port, ensure that the port is not part of any PVLAN.

● You can configure 802.1x authentication on PVLAN member ports.

● For scaled L2 deployments, configure L2 VLAN scale profile using the scale-profile vlan command to scale the

VLANs in an optimal way.

● If L3 routing is required in an L2-scale profile, use the mode L3 command in the primary VLAN.

● You cannot configure PVLAN and virtual extensible LAN (VXLAN) on the same set of VLANs and ports.

● Enable local proxy ARP and configure an IPv4 address on the primary VLAN for IPv4 communication between devices that

are connected to different secondary VLANs or isolated ports within the same PVLAN.

● Dell Technologies recommends the following:

○ Enable peer routing in a VLT topology.

○ Configure unique, static MAC addresses in a PVLAN domain including all the associated VLANs.

● Associating a PVLAN port, secondary or promiscuous, to a VLAN consumes additional hardware resources.

● For information about PVLAN interaction with other features, see PVLAN and other features.

Configure a PVLAN domain

This section describes how to configure a PVLAN domain.

This task includes configuring primary, community, and isolated VLANs and associating a member port with each of these

VLANs.

1. Configure a primary VLAN.

a. Create a VLAN.

OS10# configure terminal

OS10(config)# interface vlan 10

b. Configure the VLAN mode as primary VLAN.

OS10(conf-if-vl-10)# private-vlan mode primary

c. Configure a promiscuous port.

OS10(config)# interface ethernet 1/1/1

OS10(conf-if-eth1/1/1)# private-vlan mode promiscuous

OS10(conf-if-eth1/1/1)# switchport mode trunk

OS10(conf-if-eth1/1/1)# switchport trunk allowed vlan 10

2. Create an isolated VLAN.

a. Create a VLAN.

OS10(config)# interface vlan 20

b. Configure the PVLAN mode as an isolated VLAN.

OS10(conf-if-vl-20)# private-vlan mode isolated

c. Configure a secondary port.

Configure the Switchport mode as trunk to tag the port in multiple VLANs.

OS10(config)# interface ethernet 1/1/2

OS10(conf-if-eth1/1/2)# switchport mode trunk

OS10(conf-if-eth1/1/2)# private-vlan mode secondary-port

d. Associate the secondary port to the isolated VLAN.

OS10(conf-if-eth1/1/2)# switchport trunk allowed vlan 20

3. Create a community VLAN.

Layer 2

665