Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4820T

621

622

623

624

625

626

627

628

629

630

NOTE: Even after you disable ip-local-proxy-arp (no ip-local-proxy-arp) in a secondary VLAN,

Layer 3 communication may happen between some secondary VLAN hosts, until the ARP timeout happens on

those secondary VLAN hosts.

In parallel, on S50-1:

• Gi 0/3 is a promiscuous port and Gi 0/25 is a PVLAN trunk port, assigned to the primary VLAN 4000.

• Gi 0/4-6 are host ports. Gi 0/4 and Gi 0/5 are assigned to the community VLAN 4001, while Gi 0/6 is assigned to the

isolated VLAN 4003.

The result is that:

• The S50V ports would have the same intra-switch communication characteristics as described for the C300.

• For transmission between switches, tagged packets originating from host PVLAN ports in one secondary VLAN

and destined for host PVLAN ports in the other switch travel through the promiscuous ports in the local VLAN

4000 and then through the trunk ports (0/25 in each switch).

Inspecting the Private VLAN Configuration

The standard methods of inspecting configurations also apply in PVLANs.

To inspect your PVLAN configurations, use the following commands.

• Display the specific interface configuration.

INTERFACE mode and INTERFACE VLAN mode

show config

• Inspect the running-config, and, with the grep pipe option, display a specific part of the running-config.

show running-config | grep string

The following example shows the PVLAN parts of the running-config from the S50V switch in the topology diagram

previously shown.

• Display the type and status of the configured PVLAN interfaces.

show interfaces private-vlan [interface interface]

This command is specific to the PVLAN feature.

For more information, refer to the

Security

chapter in the

FTOS Command Line Reference Guide

• Display the configured PVLANs or interfaces that are part of a PVLAN.

show vlan private-vlan [community | interface | isolated | primary |

primary_vlan | interface interface]

This command is specific to the PVLAN feature.

The following examples show the results of using this command without the command options on the C300 and S50V

switches in the topology diagram previously shown.

• Display the primary-secondary VLAN mapping. The following example shows the output from the S50V.

show vlan private-vlan mapping

This command is specific to the PVLAN feature.

The show arp and show vlan commands are revised to display PVLAN data.

Example of Viewing a Private VLAN (C300)

c300-1#show vlan private-vlan

Primary Secondary Type Active Ports

------- --------- --------- ------ --------------

4000 Primary Yes Gi 0/0,23,25

628