8-22 Rapier Switch Software Reference
Software Release 2.7.3
C613-03098-00 REV A
Protected VLANs
If a VLAN is protected, Layer 2 traffic between ports that are members of a
protected VLAN is blocked. Traffic can be Layer 3 switched to another VLAN.
This feature prevents members of a protected VLAN from communicating with
each other yet still allows members to access another network. Layer 3 routing
between ports in a protected VLAN can be prevented by adding a Layer 3
filter. The protected VLAN feature also allows all of the members of the
protected VLAN to be in the same subnet.
A typical application is a hotel installation where each room has a port that can
be used to access the Internet. In this situation it is undesirable to allow
communication between rooms.
To create a protected VLAN, use the create vlan command on page 8-95 with
the protected parameter.
Private VLANs
A private VLAN contains switch ports that are isolated from other ports in the
VLAN, but can access another network through an uplink port or uplink trunk
group. These ports are called private ports. Private ports may be standalone or
be combined into groups. Standalone private ports can only communicate with
the uplink port, not with other ports in the VLAN. Private ports that are in a
group can communicate with other ports in the group and with the uplink
port, but cannot communicate with the other private ports in the VLAN.
The switch forwards traffic between private ports and the uplink port, and
between private ports within a group, according to its normal forwarding
rules. The only difference is that forwarding to other private ports is blocked
unless the ports are in the same group. Note that all traffic between private
ports is blocked, not only Layer 2 traffic.
A typical application is a hotel installation where each room has a port that can
access the Internet. In this situation it is undesirable to allow communication
between rooms. Another application is to simplify IP address assignment.
Ports can be isolated from each other while belonging to the same subnet.
Figure 8-4 on page 8-23 shows an example of a network using private VLANs.
In this scenario, two service providers are each providing multiple services
through multiple VLANs over separate uplinks. Customers are subscribed to
services from one or both service providers. Each customer’s ports are isolated
from other customers, but communicate with the ISP or ISPs through the
appropriate uplink port. A single customer may use multiple ports, connected
to individual PCs or trunked together to increase bandwidth. If a customer
uses multiple ports, these ports are able to communicate with each other.
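The forwarding restriction for private ports, applied to a planned port layout and checked against per-customer isolation, as an added example that is not part of the Rapier software or this reference. The port numbers, tenant labels, group names and the functions may_forward and audit are constructed for illustration.

```python
from itertools import combinations

# Constructed layout for one private VLAN (not from the reference):
# port number -> role, private group (None = standalone), and owning tenant.
LAYOUT = {
    1: {"role": "uplink",  "group": None, "tenant": "ISP"},
    2: {"role": "private", "group": "g1", "tenant": "cust-A"},
    3: {"role": "private", "group": "g1", "tenant": "cust-A"},
    4: {"role": "private", "group": None, "tenant": "cust-B"},
    5: {"role": "private", "group": "g2", "tenant": "cust-C"},
    6: {"role": "private", "group": "g2", "tenant": "cust-D"},  # wrong group
    7: {"role": "private", "group": None, "tenant": "cust-E"},
    8: {"role": "private", "group": None, "tenant": "cust-E"},  # not grouped
}

def may_forward(ports, src, dst):
    """Apply the private VLAN restriction to one port pair."""
    a, b = ports[src], ports[dst]
    # Traffic to or from the uplink follows normal forwarding rules.
    if "uplink" in (a["role"], b["role"]):
        return True
    # Private to private is blocked unless both ports share a group.
    return a["group"] is not None and a["group"] == b["group"]

def audit(ports):
    """Compare what the switch would forward with tenant ownership.

    Returns (leaks, splits): leaks are port pairs of different tenants that
    can reach each other; splits are same-tenant pairs that cannot.
    """
    leaks, splits = [], []
    private = sorted(p for p, c in ports.items() if c["role"] == "private")
    for a, b in combinations(private, 2):
        same_tenant = ports[a]["tenant"] == ports[b]["tenant"]
        allowed = may_forward(ports, a, b)
        if allowed and not same_tenant:
            leaks.append((a, b))
        elif same_tenant and not allowed:
            splits.append((a, b))
    return leaks, splits

if __name__ == "__main__":
    leaks, splits = audit(LAYOUT)
    print("cross-tenant reachability:", leaks)
    print("same-tenant ports isolated:", splits)
```

A non-empty leaks list means two customers share a group and can reach each other; a non-empty splits list means one customer's ports were left standalone instead of grouped.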