IP Helper and Routing with PVLAN (OS10)

Hi,

We have a VLAN which has multiple access switches for a client type. The VLAN is configured with private-vlan mode isolated.

interface vlan116

 private-vlan mode isolated

no shutdown

To hand this network off to another router, we have another VLAN as follows:

interface vlan1116

 private-vlan mode primary

 private-vlan mapping secondary-vlans 116

no shutdown

This all works as intended. However, we are now considering using a DHCP relay on the switch rather than the upstream router.

We need the primary VLAN to be in L3 mode for this to work. I.e. something like:

interface vlan1116

 mode L3

 private-vlan mode primary

 private-vlan mapping secondary-vlans 116

 no shutdown

 ip helper-address xxx.xxx.xxx.xxx

 ip helper-address  yyy.yyy.yyy.yyy

 ip address zzz.zzz.zzz.zzz/24

 ip local-proxy-arp

Local proxy ARP is required according to the documentation at https://www.dell.com/support/manuals/da-dk/smartfabric-os10-emp-partner/smartfabric-os-user-guide-10-5-4/configure-an-ipv4-address-and-local-proxy-arp-on-a-pvlan-interface?guid=guid-d03b70e1-f671-41c6-8bcf-529042956638&lang=en-us

This configuration works too. However, we do not want clients to be able to use the IP address of the switch (zzz.zzz.zzz.zzz) for routing. The address is there only for the purpose of the DHCP relay.

One way to solve this would be to put the interface into a separate VRF and blackhole all traffic. However, OS10 does not allow a private VLAN to be in a VRF. Do you have any ideas on how I might solve this problem?

An obscure solution that I can see would be to create a separate L3 VLAN with the IP helper. To bridge this into the VLAN 1116, I would need to use a physical cable between two ports on the switch. I do not want actually to do it this way.