Reference Guide
1184 | Private VLAN (PVLAN)
www.dell.com | support.dell.com
• A primary VLAN can have any number of community VLANs and isolated
VLANs.
• Private VLANs block all traffic to isolated ports except traffic from promiscuous
ports. Traffic received from an isolated port is forwarded only to promiscuous
ports or trunk ports.
Community VLAN:
A community VLAN is a secondary VLAN of the primary VLAN:
• Ports in a community VLAN can talk to each other. Also, all ports in a
community VLAN can talk to all promiscuous ports in the primary VLAN and
vice-versa.
• Devices on a community VLAN can communicate with each other via member
ports, while devices in an isolated VLAN cannot.
Isolated VLAN:
An isolated VLAN is a secondary VLAN of the primary VLAN:
• Ports in an isolated VLAN cannot talk to each other. Servers would be mostly
connected to isolated VLAN ports.
• Isolated ports can talk to promiscuous ports in the primary VLAN, and
vice-versa.
Port types:
• Community port: A community port is, by definition, a port that belongs to a
community VLAN and is allowed to communicate with other ports in the same
community VLAN and with promiscuous ports.
• Isolated port: An isolated port is, by definition, a port that, in Layer 2, can only
communicate with promiscuous ports that are in the same PVLAN.
• Promiscuous port: A promiscuous port is, by definition, a port that is allowed to
communicate with any other port type.
• Trunk port: A trunk port, by definition, carries VLAN traffic across switches:
• A trunk port in a PVLAN is always tagged.
• Primary or secondary VLAN traffic is carried by the trunk port in tagged mode. The tag on the
packet helps identify the VLAN to which the packet belongs.
• A trunk port can also belong to a regular VLAN (non-private VLAN).
ip local-proxy-arp
c s
Enable/disable Layer 3 communication between secondary VLANs in a private
VLAN.
Syntax
[no] ip local-proxy-arp