3 private vlan – Planet Technology SGSD-1022 User Manual

Page 194

Advertising
background image

User’s Manual of SGSD-1022 / SGSD-1022P

SGSW-2840 / SGSW-2840P

194

4.8.3 Private VLAN

Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This Managed Switch

supports two types of private VLANs:

„

primary / secondary associated groups

„

stand-alone isolated VLANs.

A primary VLAN contains promiscuous ports that can communicate with all other ports in the private VLAN group, while a

secondary (or community) VLAN contains community ports that can only communicate with other hosts within the secondary

VLAN and with any of the promiscuous ports in the associated primary VLAN. Isolated VLANs, on the other hand, consist a

single stand-alone VLAN that contains one promiscuous port and one or more isolated (or host) ports. In all cases, the

promiscuous ports are designed to provide open access to an external network such as the Internet, while the community or

isolated ports provide restricted access to local users.

Multiple primary VLANs can be configured on this Managed Switch, and multiple community VLANs can be associated with

each primary VLAN. One or more isolated VLANs can also be configured.

Private VLANs and normal VLANs can exist simultaneously within the same switch.

„

Primary / secondary Associated Group

To configure primary/secondary associated groups, follow these steps:

1. Use

the

Private VLAN Configuration

menu to designate one or more community VLANs, and the primary VLAN that will

channel traffic outside of the VLAN groups.

2. Use

the

Private VLAN Association

menu to map the secondary (i.e., community) VLAN(s) to the primary VLAN.

3. Use

the

Private VLAN Port Configuration

menu to set the port type to promiscuous (i.e., having access to all ports in the

primary VLAN), or host (i.e., having access restricted to community VLAN members, and channeling all other traffic through

promiscuous ports). Then assign any promiscuous ports to a primary VLAN and any host ports a community VLAN.

„

Isolated VLAN

To configure an isolated VLAN, follow these steps:

1. Use

the

Private VLAN Configuration

menu to designate an isolated VLAN that will channel all traffic through a single

promiscuous port.

2. Use

the

Private VLAN Port Configuration

menu to set the port type to promiscuous (i.e., the single channel to the

external network), or isolated (i.e., having access only to the promiscuous port in its own VLAN). Then assign the

promiscuous port and all host ports to an isolated VLAN.

Advertising
Popular Brands
Popular manuals