Private VLAN in Solaris 11.3
The first guest blog article here! This article is from my colleague, Eric Yu.
In this blog we are going to talk about the Private VLAN feature in Solaris 11.3.
PVLAN allows you to divide a VLAN into sub-VLANs to isolate network traffic.
More details about Private VLAN can be found here (https://en.wikipedia.org/wiki/Private_VLAN).
In Solaris 11.3 we support isolated VLANs and community VLANs. You may already be
familiar with the Solaris dladm create-vlan command; PVLANs can be managed with
this command too. Here are some quick examples of how to manage PVLAN VNICs in
Create an isolated VLAN. An isolated VLAN can talk only to its primary
VLAN, not to other secondary VLANs:
# dladm create-vlan -l net0 -v 3,100,isolated vlan0
Create a community VLAN. A community VLAN can talk to other VNICs within
the same community:
# dladm create-vlan -l net0 -v 3,101,community vlan0
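The isolation rules described above, as an added example that is not part of the original post or of Solaris: a small shell model that takes VLAN specs in the form passed to dladm create-vlan -v and reports whether two links may exchange traffic. It assumes standard PVLAN semantics (any secondary VLAN reaches its primary VLAN, isolated links cannot reach each other), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Solaris code): decide whether two links may exchange
# traffic from the VLAN specs passed to `dladm create-vlan -v`.
# Assumed spec forms: "VID" (link on the primary VLAN) or "VID,SVID,TYPE".
# valid_vid, parse_spec and pvlan_can_talk are hypothetical helper names.

valid_vid() {    # 802.1Q VLAN IDs are 1..4094
    case $1 in ''|*[!0-9]*|?????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

parse_spec() {   # prints "VID SVID TYPE"; returns 2 on a malformed spec
    spec=$1
    case $spec in
        *,*,*,*) return 2 ;;                    # too many fields
        *,*,*) vid=${spec%%,*}; rest=${spec#*,}
               svid=${rest%%,*}; type=${rest#*,}
               valid_vid "$svid" || return 2
               case $type in isolated|community) ;; *) return 2 ;; esac ;;
        *,*) return 2 ;;                        # secondary ID without a type
        *) vid=$spec; svid=-; type=primary ;;
    esac
    valid_vid "$vid" || return 2
    echo "$vid $svid $type"
}

# Returns 0 = may talk, 1 = isolated from each other, 2 = malformed spec.
pvlan_can_talk() {
    a=$(parse_spec "$1") || return 2
    b=$(parse_spec "$2") || return 2
    set -- $a $b                                # $1-$3 describe A, $4-$6 describe B
    [ "$1" -eq "$4" ] || return 1               # different primary VLANs
    # Any secondary VLAN can reach its primary VLAN.
    if [ "$3" = primary ] || [ "$6" = primary ]; then return 0; fi
    # Two secondaries: only members of the same community VLAN can talk.
    # Isolated links cannot reach each other (standard PVLAN behaviour, assumed here).
    [ "$3" = community ] && [ "$6" = community ] && [ "$2" -eq "$5" ]
}

# Constructed specs, using the IDs from the commands above.
for pair in "3,100,isolated 3" "3,100,isolated 3,101,community" \
            "3,101,community 3,101,community" "3,100,isolated 3,100,isolated"; do
    set -- $pair
    if pvlan_can_talk "$1" "$2"; then r=allowed; else r=blocked; fi
    echo "$1 <-> $2: $r"
done
```
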
And this is how we delete a PVLAN VNIC, just as we do with other types of
# dladm delete-vlan vlan0
You can also assign a PVLAN to a Solaris zone:
global# zonecfg -z zone1
zonecfg:zone1> add anet
zonecfg:zone1:anet> set vlan-id=100,200,community
zonecfg:zone1:anet> end
zonecfg:zone1> exit
global# zoneadm -z zone1 reboot
In Solaris 11.3, you can also set the tag mode property for PVLAN, so that
outgoing traffic is tagged with either the primary VLAN or the secondary VLAN.
Set the tag mode to secondary:
# dladm set-linkprop -p pvlan-tagmode=secondary net0