Owner's Manual

ManualsBrandsNetgear ManualsHubsNetgear XCM8806

251

252

253

254

255

256

257

258

259

260

254 | Chapter 9. VLANs

NETGEAR 8800 User Manual

Figure 13. Private VLAN Switch Components

There is one network VLAN in each PVLAN. Ports within a network VLAN, called network

ports, can communicate with all VLAN ports in the PVLAN. Network devices that connect to

the network VLAN ports are considered to be on the network side of the switch.

The network VLAN aggregates the uplink traffic from the other VLANS, called subscriber

VLANs, for egress communications on a network VLAN port. A network port can serve only

one PVLAN, but it can serve one or more subscriber VLANs. Ingress communications on the

network VLAN port are distributed to the appropriate subscriber VLANs for distribution to the

appropriate ports. Devices that connect to subscriber VLAN ports are considered to be on the

subscriber side of the switch.

Tag translation within the PVLAN is managed at the egress ports. To enable tag translation

for uplink traffic from the subscriber VLANs, you must enable tag translation on the

appropriate network VLAN port. Tag translation is automatically enabled on subscriber VLAN

egress ports when the subscriber VLAN is created and the port is added to the VLAN as

tagged. Egress traffic from a subscriber VLAN is always tagged with the subscriber VLAN tag

when the port is configured as tagged.

A non-isolated subscriber VLAN is basically a standard VLAN that can participate in tag

translation through the network VLAN when VLAN translation is enabled on the network

VLAN port. You can choose to not translate tags on a network VLAN port, but this is generally

used only for extending a PVLAN to another switch. A non-isolated subscriber VLAN that

does not use tag translation is functionally equivalent to a regular VLAN, so it is better to

create non-isolated VLANs only when you plan to use tag translation.

Ports in a non-isolated VLAN can communicate with other ports in the same VLAN, ports in

the network VLAN, and destinations on the network side of the switch. As with standard

VLANs, non-isolated ports cannot communicate through Layer

2 with ports in other

subscriber VLANs.

In Figure 12, the Engineering and Marketing VLANs are configured as non-isolated

subscriber VLANs, which means that they act just like traditional VLANs, and they can

participate in tag translation when VLAN translation is enabled on a network VLAN port that

leads to network side location.

Network VLAN

VLAN1

Isolated

subscriber VLAN

Guests

Non-Isolated

subscriber VLAN

Engineering

Non-Isolated

subscriber VLAN

Marketing

Private VLAN

To main core routerTag 1 0

Tag 1 02 Tag 101 Tag 50

EX_vlan_0021