DELL N3000 User Manual

Configuring VLANs
• Isolated VLAN—A secondary VLAN. It carries traffic from isolated ports 
to promiscuous ports. Only one isolated VLAN can be configured per 
private VLAN.
• Community VLAN—A secondary VLAN. It forwards traffic between ports 
which belong to the same community and to the promiscuous ports. There 
can be multiple community VLANs per private VLAN.
A port may be designated as one of the following types in a private VLAN:
• Promiscuous port—A port associated with a primary VLAN that is able to 
communicate with all interfaces in the private VLAN, including other 
promiscuous ports, community ports and isolated ports.
• Host port—A port associated with a secondary VLAN that can either 
communicate with the promiscuous ports in the VLAN and with other 
ports in the same community (if the secondary VLAN is a community 
VLAN) or can communicate only with the promiscuous ports (if the 
secondary VLAN is an isolated VLAN).
Private VLANs may be configured across a stack and on physical and port-
channel interfaces.
Private VLAN Usage Scenarios
Private VLANs are typically implemented in a DMZ for security reasons. 
Servers in a DMZ are generally not allowed to communicate with each other 
but they must communicate with a router, through which they are connected to 
the users. Such servers are connected to host ports, and the routers are 
attached to promiscuous ports. Then, if one of the servers is compromised, 
the intruder cannot use it to attack another server in the same network 
segment.
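
The port rules and the DMZ scenario above, modelled as an added example (not from the Dell manual): a Python check that lists the host-port pairs able to reach each other directly, without going through a promiscuous port. The VLAN names and port names are constructed, and the model covers only the layer 2 rules stated on this page.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Port:
    name: str
    role: str              # "promiscuous" or "host"
    secondary: str = ""    # secondary VLAN name (host ports only)

def can_talk(a, b, vlan_types):
    """Layer 2 reachability between two ports of one private VLAN."""
    if a.role == "promiscuous" or b.role == "promiscuous":
        return True        # promiscuous ports reach every interface
    # Two host ports: only within the same community VLAN.
    return a.secondary == b.secondary and vlan_types[a.secondary] == "community"

def validate(vlan_types, ports):
    """Reject designs that break the structural rules stated in the manual."""
    if list(vlan_types.values()).count("isolated") > 1:
        raise ValueError("only one isolated VLAN per private VLAN")
    for p in ports:
        if p.role == "host" and p.secondary not in vlan_types:
            raise ValueError(f"{p.name}: unknown secondary VLAN")

def lateral_paths(vlan_types, ports):
    """Host-to-host pairs that can reach each other without the router."""
    validate(vlan_types, ports)
    hosts = [p for p in ports if p.role == "host"]
    return [(a.name, b.name) for a, b in combinations(hosts, 2)
            if can_talk(a, b, vlan_types)]

# Constructed sample design: VLAN names and port names are made up.
VLANS = {"iso-101": "isolated", "com-102": "community"}
DMZ = [
    Port("router", "promiscuous"),
    Port("web", "host", "iso-101"),
    Port("mail", "host", "iso-101"),
    Port("db-a", "host", "com-102"),
    Port("db-b", "host", "com-102"),
]

if __name__ == "__main__":
    for pair in lateral_paths(VLANS, DMZ):
        print("host ports that can reach each other directly:", pair)
```

In the sample design, web and mail cannot reach each other, while db-a and db-b share a community VLAN and are reported. DMZ servers that must stay separated belong on host ports of the isolated VLAN.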
The same traffic isolation can be achieved by assigning each port to a 
different VLAN, allocating an IP subnet for each VLAN, and enabling layer 3 
routing between them. In a private VLAN domain, on the other hand, all 
members can share the common address space of a single subnet, which is 
associated with a primary VLAN. So, the advantage of the private VLANs 
feature is that it reduces the number of consumed VLANs, improves IP 
addressing space utilization, and helps to avoid layer 3 routing.