Owner's Manual
258 | Chapter 9. VLANs
NETGEAR 8800 User Manual
The network VLAN entry is used when traffic comes in from the network ports destined for an
non-isolated port.
Isolated Subscriber VLAN
When a new MAC address is learned on an isolated subscriber VLAN port, two entries are
added to the FDB table:
• MAC address, isolated subscriber VLAN tag, port number, and a flag that indicates that
the packet should be dropped
• MAC address, network VLAN tag, port number, and a special flag for tag translation
Ports in the isolated VLAN do not communicate with one another. If a port in the isolated
VLAN sends a packet to another port in the same VLAN that already has an entry in the FDB,
that packet is dropped. You can verify the drop packet status of an FDB entry by using the
show fdb command. The D flag indicates that packets destined for the listed address are
dropped.
The network VLAN entry is used when traffic comes in from the network ports destined for an
isolated port.
Network VLAN
When a new MAC address is learned on a network VLAN port, the following entry is added to
the FDB table: MAC address, network VLAN tag, and port number.
For every subscriber VLAN belonging to this PVLAN, the following entry is added to the FDB
table: MAC address, subscriber VLAN tag, and port number
Calculating the Total FDB Entries for a PVLAN
The following formula can be used to estimate the maximum number of FDB entries for a
PVLAN:
FDB
total
= [(MAC
non-iso
+ MAC
iso
) * 2 + (MAC
network
* (VLAN
non-iso
+ VLAN
iso
+ 1))]
The formula components are as follows:
• MAC
non-iso
= number of MAC addresses learned on all the non-isolated subscriber
VLANs
• MAC
iso
= number of MAC addresses learned on all the isolated subscriber VLANs
• MAC
network
= number of MAC addresses learned on the network VLAN
• VLAN
non-iso
= number of non-isolated subscriber VLANs
• VLAN
iso
= number of isolated subscriber VLANs