System information

Cisco Cat3K ST 6 June 2012
TOE SFRs How the SFR is Met
The TOE controls the flow of Ethernet traffic by matching VLAN tag
information contained in the Ethernet frame headers against a set of rules
specified by the authorized administrator in the VLAN flow control policies.
VLANs enforce separation of traffic that terminates at the TOE, as well as
traffic flowing through the TOE. VLANs are also used to isolate the TOE’s
use of routing protocols for routing table updates, and the associated
neighbor router authentication. VLAN Trunking Protocol (VTP) is a Layer 2
messaging protocol that maintains VLAN configuration consistency by
managing the addition, deletion, and renaming of VLANs on a network-wide
basis. VTP minimizes misconfigurations and configuration inconsistencies that
can cause several problems, such as duplicate VLAN names, incorrect VLAN-
type specifications, and security violations.
The VLAN SFP includes support for Private VLANs (PVLANs). PVLANs
partition a regular VLAN domain into subdomains. A subdomain is
represented by a pair of VLANs: a primary VLAN and a secondary VLAN. A
PVLAN can have multiple VLAN pairs, one pair for each subdomain.
In the following diagram there are two types of secondary VLANs illustrated:
• Isolated VLANs—Ports within an isolated VLAN cannot communicate
  with each other at the Layer 2 level.
• Community VLANs—Ports within a community VLAN can
  communicate with each other but cannot communicate with ports in
  other communities at the Layer 2 level.
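
The Layer 2 rules for isolated, community and promiscuous ports can be modelled to check a planned port layout against an intended separation policy. This is an added example, not part of the Security Target; the port names and VLAN IDs are constructed, and the model assumes standard PVLAN behaviour in which host ports in different secondary VLANs cannot reach each other.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

# Constructed sample data: VLAN IDs and port names are illustrative only.
SECONDARY_TYPE = {101: "isolated", 201: "community", 202: "community"}

@dataclass(frozen=True)
class Port:
    name: str
    role: str                        # "promiscuous" or "host"
    secondary: Optional[int] = None  # secondary VLAN of a host port

PORTS = [
    Port("Gi1/0/1", "promiscuous"),
    Port("Gi1/0/2", "host", 101),
    Port("Gi1/0/3", "host", 101),
    Port("Gi1/0/4", "host", 201),
    Port("Gi1/0/5", "host", 201),
    Port("Gi1/0/6", "host", 202),
]

def can_talk_l2(a: Port, b: Port) -> bool:
    """Layer 2 reachability between two ports of one PVLAN domain."""
    if "promiscuous" in (a.role, b.role):
        return True                  # promiscuous ports reach all interfaces
    if a.secondary != b.secondary:
        return False                 # different subdomains stay separated
    # Same secondary VLAN: only a community VLAN lets its ports talk.
    return SECONDARY_TYPE[a.secondary] == "community"

def reachable_pairs(ports):
    """All unordered port pairs that the PVLAN layout lets communicate."""
    return {(a.name, b.name) for a, b in combinations(ports, 2) if can_talk_l2(a, b)}

def violations(ports, must_be_separated):
    """Pairs the intended policy keeps apart but the layout permits."""
    by_name = {p.name: p for p in ports}
    return sorted(pair for pair in must_be_separated
                  if can_talk_l2(by_name[pair[0]], by_name[pair[1]]))

if __name__ == "__main__":
    policy = [("Gi1/0/2", "Gi1/0/3"), ("Gi1/0/4", "Gi1/0/5"), ("Gi1/0/4", "Gi1/0/6")]
    print(sorted(reachable_pairs(PORTS)))
    print("policy violations:", violations(PORTS, policy))
```
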
PVLANs provide Layer 2 isolation between ports within the same PVLAN.
PVLAN ports are access ports that are one of these types:
• Promiscuous—A promiscuous port belongs to the primary VLAN and
  can communicate with all interfaces, including the community and