Owner's Manual
Chapter 9. VLANs | 265
NETGEAR 8800 User Manual
Figure 16. PVLAN Configuration Example 1
The medical research lab hosts lots of visiting clients. Each client has their own room, and
the lab wants to grant them access to the internet through a local web proxy server but
prevent them from accessing other visiting clients. There is a lab in the building where many
research workstations are located. Workstations within the lab require access to other lab
workstations, the internet, and file servers that are connected to a switch in another building.
Visiting clients should not have access to the Research VLAN devices or the file servers on
the remote switch.
The PVLAN in Figure 16 contains the following PVLAN components:
• Network VLAN named Main, which provides internet access through the proxy web
server and access to file servers on the remote switch.
• Isolated subscriber VLAN named ClientConnections, which provides internet access for
visiting clients and isolation from other visiting clients, the Research VLAN devices, and
the remote file servers.
• Non-isolated subscriber VLAN named Research, which provides internet access and
enables communications between Research VLAN devices and the remote file servers.
The first configuration step is to create and configure the VLANs on the local switch:
create vlan Main
configure vlan Main add port 1:*
configure vlan Main tag 100
create vlan ClientConnections
Web
Proxy
Server
ClientConnections
VLAN
Client
Client
(slot 2, tag 200)
Main VLAN
(slot 1, tag100)
Research
VLAN
File
Server
File
Server
File
Server
(slot 3, tag 300)
EX_vlan_0003
Client
Client
Main VLAN
(slot 1, tag100)