When several devices communicate within a Layer 2 broadcast domain DMZ, a rogue device can introduce itself into a VLAN and cause serious security issues on the network. The previous solution to this problem was to assign a separate VLAN to each user. This resulted in a network that required many VLANs, was difficult to scale, and made IP address management more complicated. Private VLANs (PVLANs) address the Layer 2 security problem without the scalability issues, and provide IP address management benefits for service providers.

Advantages of deploying private VLANs in a multi-server network include enhanced security, reduction in IP address space usage, administrative accessibility, less L3 routing, and fewer VLANs. Dell’s PowerConnect 5.0 firmware gives users a way to set up private VLANs to take advantage of these features.

Private VLANs partition a standard VLAN domain into two or more subdomains. Each subdomain is defined by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a particular private VLAN instance. The secondary VLAN ID differentiates the subdomains from each other and provides layer 2 isolation between ports on the same private VLAN.
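
The partitioning described above can be modeled to audit which ports are able to reach each other at Layer 2. This is an added example, not Dell's code or PowerConnect CLI. It goes beyond the page by using the isolated and community secondary VLAN types and the promiscuous port from the standard private VLAN model (RFC 5517); the port names and VLAN IDs are constructed.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

ISOLATED, COMMUNITY = "isolated", "community"  # secondary VLAN types (RFC 5517)

@dataclass(frozen=True)
class Port:
    name: str
    primary: int               # primary VLAN ID of the private VLAN instance
    secondary: Optional[int]   # secondary VLAN ID; None marks a promiscuous port

def can_talk(a, b, secondary_types):
    """Return True if ports a and b may exchange Layer 2 frames."""
    if a.primary != b.primary:
        return False                      # different private VLAN instances
    if a.secondary is None or b.secondary is None:
        return True                       # promiscuous port reaches every subdomain
    if a.secondary != b.secondary:
        return False                      # different subdomains are isolated
    # Same subdomain: only a community VLAN allows host-to-host traffic.
    return secondary_types[a.secondary] == COMMUNITY

def reachable_pairs(ports, secondary_types):
    """List every pair of ports that can reach each other at Layer 2."""
    return sorted((a.name, b.name) for a, b in combinations(ports, 2)
                  if can_talk(a, b, secondary_types))

# Constructed sample: primary VLAN 100 with secondary VLANs 101 and 102.
SECONDARY_TYPES = {101: ISOLATED, 102: COMMUNITY}
PORTS = [
    Port("uplink", 100, None),   # promiscuous port, e.g. toward the router
    Port("web1", 100, 101),
    Port("web2", 100, 101),
    Port("db1", 100, 102),
    Port("db2", 100, 102),
]

if __name__ == "__main__":
    for pair in reachable_pairs(PORTS, SECONDARY_TYPES):
        print(pair)
```

Comparing this list against the intended policy shows whether a host placed in the wrong secondary VLAN would gain Layer 2 access to its neighbors.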



Private VLANs are also available on the Dell PowerConnect 3000 and 5000 series platforms; however, the technology and commands for these systems are not covered in this document.