Manualshelf

Owner's Manual

ManualsBrandsNetgear ManualsHubsNetgear XCM8806
251252253254255256257258259260
Chapter 9. VLANs | 255
NETGEAR 8800 User Manual
VLAN isolation within the PVLAN is established by configuring a VLAN to be an isolated
subscriber VLAN and adding ports to the isolated VLAN. Unlike normal VLANs, ports in an
isolated VLAN cannot communicate with other ports in the same VLAN over Layer
2 or
Layer
3. The ports in an isolated VLAN can, however, communicate with Layer 2 devices on
the network side of the PVLAN through the network VLAN. When the network VLAN egress
port is configured for tag translation, isolated VLAN ports also participate in uplink tag
translation. When isolated subscriber VLAN ports are configured as tagged, egress packets
are tagged with the isolated VLAN tag. As with standard VLANs and non-isolated VLANs,
isolated ports cannot communicate through Layer
2 with ports in other subscriber VLANs.
PVLAN Support over Multiple Switches
A PVLAN can span multiple switches. Figure 14 shows a PVLAN that is configured to
operate on two switches.
Figure 14. Private VLAN Support on Multiple Switches
A PVLAN can span many switches. For simplicity, Figure 14 shows only two switches, but
you can extend the PVLAN to additional switches by adding connections between the
network VLANs in each switch. The ports that connect two PVLAN switches must be
configured as regular tagged ports. The network and subscriber VLANs on each switch must
be configured with the same tags.
Note: Although using the same VLAN names on all PVLAN switches might
make switch management easier, there is no software requirement
to match the VLAN names. Only the tags must match.
When a PVLAN is configured on multiple switches, the PVLAN switches function as one
PVLAN switch. Subscriber VLAN ports can access the network VLAN ports on any of the
PVLAN switches, and non-isolated VLAN ports can communicate with ports in the same
12 34
56
7
8
30 31 32 33
Private VLAN
Private VLAN
Network VLAN
Tagged 1
Subscriber
Isolated VLAN
Tagged 103
Subscriber
Isolated VLAN
Tagged 103
Switch 1
Switch 2
EX_vlan_0030
20 2 1 22
Subscriber
Non-Isolated VLAN
Tagged 102
Preserve tag Tag 102
translate
101 to 1
or
preserve
tag
Subscriber
Non-Isolated VLAN
Tagged 101
12 34
5
678
30
31
32 33
Subscriber
Non-Isolated VLAN
Tagged 101
Network VLAN
Tagged 1
Preserve tag 103
Tag 103
Tag 102
21 22 23
Subscriber
Non-Isolated VLAN
Tagged 102