When several devices communicate within a Layer 2 broadcast domain DMZ, a rogue device can introduce itself into a VLAN and cause serious security issues on the network. The previous solution to this problem was to assign a separate VLAN to each user. That approach results in a network that requires many VLANs, is difficult to scale, and complicates IP address management. Private VLANs (PVLANs) address the Layer 2 security problem without the scalability issues, and provide IP address management benefits for service providers.

Advantages of deploying private VLANs in a multi-server network include enhanced security, reduction in IP address space usage, administrative accessibility, less L3 routing, and fewer VLANs. Dell’s PowerConnect 5.0 firmware gives users a way to set up private VLANs and take advantage of these features.

Private VLANs partition a standard VLAN domain into two or more subdomains. Each subdomain is defined by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a particular private VLAN instance. The secondary VLAN ID differentiates the subdomains from each other and provides Layer 2 isolation between ports on the same private VLAN.
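The subdomain model above can be checked against an intended policy before a switch is configured. The following is an added example, not taken from this document or from Dell's firmware: it goes beyond this section by assuming the standard private VLAN port types (promiscuous, isolated, community), and all port names and VLAN IDs are constructed.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    primary: int              # primary VLAN ID, shared by the whole private VLAN
    secondary: Optional[int]  # secondary VLAN ID; None for a promiscuous port
    kind: str                 # "promiscuous", "isolated" or "community" (assumed types)

def can_talk(a: Port, b: Port) -> bool:
    """True if the two ports can exchange Layer 2 frames directly."""
    if a.primary != b.primary:
        return False          # different private VLAN instances share nothing
    if "promiscuous" in (a.kind, b.kind):
        return True           # a promiscuous port reaches every subdomain
    if a.kind == b.kind == "community":
        return a.secondary == b.secondary
    return False              # isolated ports reach only promiscuous ports

def unexpected_paths(ports, allowed):
    """Port pairs that can talk at Layer 2 but are missing from the policy."""
    found = []
    for a, b in combinations(ports, 2):
        if can_talk(a, b) and frozenset((a.name, b.name)) not in allowed:
            found.append(tuple(sorted((a.name, b.name))))
    return sorted(found)

# Constructed sample: one private VLAN (primary 100) with three subdomains.
PORTS = [
    Port("uplink", 100, None, "promiscuous"),
    Port("web1", 100, 101, "isolated"),
    Port("web2", 100, 101, "isolated"),
    Port("db1", 100, 102, "community"),
    Port("db2", 100, 102, "community"),
    Port("mail1", 100, 103, "community"),
]
# Constructed policy: every server may reach the uplink and nothing else.
ALLOWED = {frozenset(("uplink", p.name)) for p in PORTS if p.name != "uplink"}

if __name__ == "__main__":
    for pair in unexpected_paths(PORTS, ALLOWED):
        print("Layer 2 path outside policy:", pair)
```

Under these assumptions the two database ports share a community subdomain, so they are reported as a path the policy did not intend.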

Note: Private VLANs are also available on the Dell PowerConnect 3000 and 5000 series platforms; however, the technology and commands for these systems are not covered in this document.