Figure 16-1 – Dell POWEREDGE M1000E User Manual

16-2

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 16 Configuring Private VLANs

Understanding Private VLANs

Figure 16-1

Private-VLAN Domain

There are two types of secondary VLANs:

•

Isolated VLANs—Ports within an isolated VLAN cannot communicate with each other at the
Layer 2 level.

•

Community VLANs—Ports within a community VLAN can communicate with each other but
cannot communicate with ports in other communities at the Layer 2 level.

Private VLANs provide Layer 2 isolation between ports within the same private VLAN. Private-VLAN
ports are access ports that are one of these types:

•

Promiscuous—A promiscuous port belongs to the primary VLAN and can communicate with all
interfaces, including the community and isolated host ports that belong to the secondary VLANs
associated with the primary VLAN.

•

Isolated—An isolated port is a host port that belongs to an isolated secondary VLAN. It has
complete Layer 2 separation from other ports within the same private VLAN, except for the
promiscuous ports. Private VLANs block all traffic to isolated ports except traffic from promiscuous
ports. Traffic received from an isolated port is forwarded only to promiscuous ports.

•

Community—A community port is a host port that belongs to a community secondary VLAN.
Community ports communicate with other ports in the same community VLAN and with
promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other
communities and from isolated ports within their private VLAN.

Note

Trunk ports carry traffic from regular VLANs and also from primary, isolated, and community VLANs.

201784

Private

Private

VLAN

VLAN

domain

domain

Private

VLAN

domain

Primary

VLAN

Subdomain

Subdomain

Secondary

community VLAN

Secondary

isolated VLAN

Subdomain

Subdomain

Secondary

community VLAN

Secondary

isolated VLAN