APS User Manual
1.2.11-5 Private VLAN
A private VLAN allows the administrator to configure a VLAN which contains switch ports that are
restricted, such that they can only communicate with a given uplink port. The restricted ports are
called private ports. Each private VLAN typically contains many private ports and a single uplink. The
uplink will typically be a port (or link aggregation group) connected to a router, firewall, server,
provider network, or similar central resource.

The switch forwards all frames received on a private port out the uplink port, regardless of VLAN ID
or destination MAC address. Frames received on an uplink port are forwarded in the normal way
(i.e., to the port hosting the destination MAC address, or to all VLAN ports for unknown destinations
or broadcast frames). Private ports are blocked from communicating with each other; each of them
can communicate only with the uplink port.
1.2.11-5-1 Private VLAN Membership
The Private VLAN membership configurations for the switch can be monitored and configured here.
Private VLANs can be added or deleted, and port members of each Private VLAN can be added or
removed. Private VLANs are based on the source port mask and have no connection to VLANs.
This means that VLAN IDs and Private VLAN IDs can be identical. A port must be a member
of both a VLAN and a Private VLAN to be able to forward packets. By default, all ports are
VLAN-unaware and members of VLAN 1 and Private VLAN 1. A VLAN-unaware port can only be a
member of one VLAN, but it can be a member of multiple Private VLANs.
Web Interface
To configure the Private VLAN Membership settings via the Web Interface:
1. Click Configuration, VLAN, Private VLAN’s and Private VLAN Membership.
2. To add a new Private VLAN click “Add New Private VLAN”.
3. Specify the Private VLAN ID and Port Members.
4. Click the Apply button to save your changes or the Reset button to revert to previous
settings.
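
The following added example (not part of the manual or the switch firmware) checks a planned membership table for private ports that can still reach each other. It assumes a frame may pass between two ports only when they share at least one VLAN and at least one Private VLAN; the port numbers, table layout and function names are constructed for illustration.

```python
from itertools import combinations

def reachable(src, dst, vlans, pvlans):
    """True if a frame received on src may be forwarded to dst.

    Assumed model: both ports must share a VLAN and share a Private VLAN.
    vlans / pvlans map an ID to the set of member port numbers.
    """
    if src == dst:
        return False
    share_vlan = any(src in m and dst in m for m in vlans.values())
    share_pvlan = any(src in m and dst in m for m in pvlans.values())
    return share_vlan and share_pvlan

def isolation_violations(vlans, pvlans, uplinks):
    """Return pairs of private (non-uplink) ports that can reach each other."""
    ports = set().union(*vlans.values(), *pvlans.values())
    private = sorted(ports - set(uplinks))
    return [(a, b) for a, b in combinations(private, 2)
            if reachable(a, b, vlans, pvlans)]

def stranded_ports(vlans, pvlans, uplinks):
    """Private ports that cannot reach any uplink (e.g. missing a Private VLAN)."""
    ports = set().union(*vlans.values(), *pvlans.values())
    return sorted(p for p in ports - set(uplinks)
                  if not any(reachable(p, u, vlans, pvlans) for u in uplinks))

# Constructed sample: ports 1-3 are private ports, port 4 is the uplink.
UPLINKS = {4}
# Factory default: every port in VLAN 1 and Private VLAN 1, so no isolation.
DEFAULT = ({1: {1, 2, 3, 4}}, {1: {1, 2, 3, 4}})
# One Private VLAN per private port, each shared only with the uplink.
ISOLATED = ({1: {1, 2, 3, 4}}, {1: {1, 4}, 2: {2, 4}, 3: {3, 4}})
# Port 3 left out of every Private VLAN: it can no longer forward at all.
BROKEN = ({1: {1, 2, 3, 4}}, {1: {1, 4}, 2: {2, 4}})

if __name__ == "__main__":
    for name, (vl, pv) in [("default", DEFAULT), ("isolated", ISOLATED),
                           ("broken", BROKEN)]:
        print(name, "violations:", isolation_violations(vl, pv, UPLINKS),
              "stranded:", stranded_ports(vl, pv, UPLINKS))
```

Note that the VLAN ID and Private VLAN ID spaces are independent, so reusing ID 1 in both tables above is intentional.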