Configuring private vlans – Brocade TurboIron 24X Series Configuration Guide User Manual

Brocade TurboIron 24X Series Configuration Guide
53-1003053-01 (page 411)

Configuring private VLANs

A private VLAN is a VLAN that has the properties of standard Layer 2 port-based VLANs but also provides additional control over flooding packets on a VLAN. Figure 52 shows an example of an application using a private VLAN.

FIGURE 52

Private VLAN used to secure communication between a workstation and servers

This example uses a private VLAN to secure traffic between hosts and the rest of the network through a firewall. Five ports in this example are members of a private VLAN. The first port (port 2) is attached to a firewall. The next four ports (ports 5, 6, 9, and 10) are attached to hosts that rely on the firewall to secure traffic between the hosts and the rest of the network. In this example, two of the hosts (on ports 5 and 6) are in a community private VLAN, and thus can communicate with one another as well as through the firewall. The other two hosts (on ports 9 and 10) are in an isolated VLAN and thus can communicate only through the firewall. These two hosts are prevented from communicating with one another even though they are in the same VLAN: the only Layer 2 path between them runs through the firewall on port 2.

By default, unknown-unicast, unregistered multicast, and broadcast traffic originating inside the PVLAN is flooded within the PVLAN.

By default, the private VLAN does not forward broadcast or unknown-unicast packets from outside sources into the private VLAN. If needed, you can override this behavior for broadcast packets, unknown-unicast packets, or both. (Refer to “CLI example for Figure 52” on page 415.)
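The configuration for the topology in Figure 52, as an added example that is not the guide's own CLI example (that one is on page 415). The commands assume the FastIron-family private VLAN syntax (`vlan`, `untagged ethernet`, `pvlan type`, `pvlan mapping`) from memory rather than from this page; the port numbers and VLAN IDs are those in the figure. The figure labels two community VLAN IDs (901 and 903); only 901 is shown here, and a second community VLAN would use the same commands with its own ID and ports. The two commented-out `pvlan-preference` lines are the assumed global override for flooding outside broadcast and unknown-unicast traffic into the PVLAN, which the text says is off by default.

```text
! Added example, not the guide's CLI example. Command syntax assumed (FastIron-family pvlan commands).
!
! Community VLAN 901: hosts on ports 5 and 6 may talk to each other and to the promiscuous port.
vlan 901
 untagged ethernet 5 to 6
 pvlan type community
 exit
!
! Isolated VLAN 902: hosts on ports 9 and 10 may talk only to the promiscuous port (the firewall).
vlan 902
 untagged ethernet 9 to 10
 pvlan type isolated
 exit
!
! Primary VLAN 7: port 2 (firewall) is promiscuous. Each secondary VLAN must be mapped onto it,
! otherwise its hosts have no path out of the PVLAN at all.
vlan 7
 untagged ethernet 2
 pvlan type primary
 pvlan mapping 901 ethernet 2
 pvlan mapping 902 ethernet 2
 exit
!
! Optional override (assumed global commands): let broadcast / unknown-unicast from outside
! sources be flooded into the PVLAN. Leave these off unless the hosts actually need it.
! pvlan-preference broadcast flood
! pvlan-preference unknown-unicast flood
```

The security check on this design is that port 2 is the only port mapped into the isolated and community VLANs: every additional promiscuous port is another path that bypasses the firewall, and a host moved from 902 into 901 regains direct Layer 2 reachability to the other community members. Note also that the isolation is enforced only on this switch; a second switch that carries VLAN 902 as an ordinary port-based VLAN will let its members talk to each other unless it is configured as a private VLAN as well.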

You can configure a combination of the following types of private VLANs:

Primary – The primary private VLAN ports are “promiscuous”. They can communicate with all
the isolated private VLAN ports and community private VLAN ports in the isolated and
community VLANs that are mapped to the promiscuous port.

[Figure 52: port 2 (firewall) in primary VLAN 7; ports 5 and 6 in the community VLAN (labeled 901, 903); ports 9 and 10 in isolated VLAN 902. Callout contrasting a private VLAN with a port-based VLAN: forwarding among private VLAN ports is restricted; a private VLAN secures traffic between a primary port and host ports, and traffic between the hosts and the rest of the network must travel through the primary port.]
