Configuring A Private Vlan - Dell PowerConnect B-RX Configuration Manual
Bigiron rx series configuration guide v02.7.02
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
11
Private VLANs
•
•
•
•
Configuring a private VLAN
To configure a private VLAN, configure each of the component VLANs (isolated, community, and
public) as a separate port-based VLAN:
•
•
•
Configuration rules
•
•
•
•
•
308
The BigIron RX forwards all known unicast traffic in hardware. This differs from the way the
BigIron implements private VLANs, in that the BigIron uses the CPU to forward packets on the
primary VLAN's "promiscuous" port. In addition, on the BigIron, support for the hardware
forwarding in this feature sometimes results in multiple MAC address entries for the same MAC
address in the device's MAC address table. On the device, multiple MAC entries do not appear
in the MAC address table because the BigIron RX transparently manages multiple MAC entries
in hardware.
There is currently no support for IGMP Snooping within Private VLANs. In order to let clients in
Private VLANs get multicast traffic, IGMP Snooping must be disabled, so that all multicast
packets are treated as unregistered multicast packets and get flooded in software to all the
ports.
You can configure private VLANs and dual-mode VLAN ports on the same device. However, the
dual-mode VLAN ports cannot be members of Private VLANs.
A primary VLAN can have multiple ports. All these ports are active, but the ports that will be
used depends on the private VLAN mappings. Also, secondary VLANs (isolated and community
VLANs) can be mapped to multiple primary VLAN ports. For example:
pvlan mapping 901 ethernet 1/2
pvlan mapping 901 ethernet 2/2
pvlan mapping 901 ethernet 3/2
Use standard VLAN configuration commands to create the VLAN and add ports.
Identify the type private VLAN type (isolated, community, or public)
For the primary VLAN, map the other private VLANs to the ports in the primary VLAN
NOTE
Although a private VLAN resides within a port-based VLAN, the VLAN is considered to be
exclusively a private VLAN, not a port-based VLAN.
You cannot use the private VLAN feature and the dual-mode VLAN port feature on the same
device.
The Spanning Tree Protocol (STP) is independent of this feature, and can be enabled or
disabled in the individual port-based VLANs. However, private VLANs are not supported with
single-instance STP ("single span").
You can configure only one private VLAN within a given port-based VLAN. Thus, you must
configure a separate port-based VLAN for each private VLAN.
Each private VLAN can have only one primary VLAN and can not belong LACP ports.
Each private VLAN can have multiple isolated or community VLANs. You can use any
combination of isolated or community VLANs with the primary VLAN. You do not need to use
both isolated and community VLANs in the private VLAN.
BigIron RX Series Configuration Guide
53-1001810-01
Advertisement
Table of Contents
