User's Manual
Chapter 33 Private VLAN Settings
33.1 Overview of Private VLAN
Private VLAN solves a VLAN scaling problem faced by ISPs: if an ISP assigns each user a separate
VLAN, the 4094-VLAN limit supported by each device restricts the total number of users the ISP can support.
33.2 Private VLAN Type and Port Type in Private VLAN
Private VLAN subdivides the L2 broadcast domain of a VLAN into multiple sub-domains, each
of which consists of a private VLAN pair: a primary VLAN and a secondary VLAN. One private VLAN
domain may have multiple private VLAN pairs and each private VLAN pair stands for a sub-domain.
There is only one primary VLAN in a private VLAN domain and all private VLAN pairs share the same
primary VLAN. The IDs of the secondary VLANs in each sub-domain differ from each other.
33.2.1 Having One Primary VLAN Type
Primary VLAN: It is associated with the promiscuous port, and only one primary VLAN exists in the
private VLAN. Each port in the primary VLAN is a member of the primary VLAN.
33.2.2 Having Two Secondary VLAN Types
Isolated VLAN: No layer-2 communication can be conducted between two ports in the same
isolated VLAN. Also, there is only one isolated VLAN in a private VLAN. The isolated VLAN
must be associated with the primary VLAN.
Community VLAN: Layer-2 communication can be conducted between two ports in the same
community VLAN, but they cannot communicate with the ports in another community VLAN. One private
VLAN may contain multiple community VLANs. The community VLAN must be associated with the
primary VLAN.
33.2.3 Port Types Under the Private VLAN Port
Promiscuous port: It belongs to the primary VLAN. It can communicate with all other ports,
including the isolated ports and community ports of the secondary VLANs in the same private VLAN.
Isolated port: It is the host port in the isolated VLAN. In the same private VLAN, the isolated
port is completely isolated at L2 from all other ports except the promiscuous port, so the traffic received
from the isolated port can only be forwarded to the promiscuous port.
Community port: It is the host port in the community VLAN. In a private VLAN, the community
ports of the same community VLAN can conduct L2 communication with each other or with the
promiscuous port, but not with the community ports of other community VLANs or the isolated ports in the
isolated VLAN.
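The rules in 33.2.1 to 33.2.3 can be expressed as a small model for checking a planned port assignment and the resulting L2 reachability before it is configured. This is an added example, not code from the manual or the device vendor; the VLAN IDs, port names and the functions `validate`, `can_forward` and `reachable` are assumptions made for illustration.

```python
from dataclasses import dataclass
PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

@dataclass(frozen=True)
class Port:
    name: str
    kind: str   # PROMISCUOUS, ISOLATED or COMMUNITY
    vlan: int   # primary VLAN ID for a promiscuous port, secondary VLAN ID for a host port

@dataclass(frozen=True)
class Domain:
    primary: int            # exactly one primary VLAN per private VLAN
    isolated: int           # the single isolated VLAN, or None if there is none
    communities: frozenset  # any number of community VLAN IDs

def validate(domain, ports):
    """Return the list of violations of the rules in 33.2.1-33.2.3 (empty if none)."""
    errors = []
    ids = [domain.primary, domain.isolated, *domain.communities]
    if len(set(ids)) != len(ids):
        errors.append("VLAN ID reused across primary/isolated/community roles")
    for p in ports:
        if p.kind == PROMISCUOUS and p.vlan != domain.primary:
            errors.append(f"{p.name}: promiscuous port outside the primary VLAN")
        elif p.kind == ISOLATED and p.vlan != domain.isolated:
            errors.append(f"{p.name}: isolated port outside the isolated VLAN")
        elif p.kind == COMMUNITY and p.vlan not in domain.communities:
            errors.append(f"{p.name}: community port in an unknown community VLAN")
    return errors

def can_forward(src, dst):
    """True if a frame received on src may be forwarded at layer 2 to dst."""
    if src.name == dst.name:
        return False                  # a frame is not sent back out of its ingress port
    if PROMISCUOUS in (src.kind, dst.kind):
        return True                   # promiscuous ports reach every port in the private VLAN
    if src.kind == dst.kind == COMMUNITY:
        return src.vlan == dst.vlan   # only within the same community VLAN
    return False                      # isolated ports reach promiscuous ports only

# Constructed sample: primary VLAN 100, isolated VLAN 101, community VLANs 102 and 103.
DOMAIN = Domain(primary=100, isolated=101, communities=frozenset({102, 103}))
PORTS = [Port("uplink", PROMISCUOUS, 100), Port("h1", ISOLATED, 101),
         Port("h2", ISOLATED, 101), Port("c1", COMMUNITY, 102),
         Port("c2", COMMUNITY, 102), Port("c3", COMMUNITY, 103)]

def reachable(ports):
    """Map each port name to the sorted names of the ports it may send to."""
    return {s.name: sorted(d.name for d in ports if can_forward(s, d)) for s in ports}
```

Comparing the `reachable(PORTS)` matrix against the intended segmentation shows, for instance, that the two isolated hosts can reach only the uplink and never each other.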
33.2.4 Modifying the Fields in VLAN TAG
This function supports modifying the VLAN ID and priority in the VLAN tag and decides whether the egress