Protected ports vlan overview – Allied Telesis AT-S63 User Manual

Chapter 26: Protected Ports VLANs

620

Section V: VLANs

Protected Ports VLAN Overview

The purpose of a protected ports VLAN is to allow multiple ports on the
switch to share the same uplink port but not share traffic with each other.

This feature has some of the same characteristics as the multiple VLAN
modes described in the previous chapter. In a protected ports VLAN, each
port is considered a separate LAN segment that can only communicate
with an uplink port. The result is a configuration appropriate in network
environments that require a great deal of segmentation.

One of the advantages of a protected ports VLAN is that it offers more
flexibility. With the multiple VLAN modes, you can select only one uplink
port which is shared by all the other ports. Also, you are not allowed to
modify the configuration.

With protected ports VLANs, you can create LAN segments that consist of
more than one port and you can specify multiple uplink ports.

Another advantage is that the switch can support protected ports VLANs
as well as port-based and tagged VLANs simultaneously, something that
is not allowed with the multiple VLAN modes.

An important concept of this feature is groups. A group is a selection of
one or more ports that function as a LAN segment within the VLAN. The
ports in each group are independent of the ports in the other groups of the
VLAN. The ports of a group can share traffic only amongst themselves
and with the uplink port, but not with ports in other groups of the VLAN.

A protected ports VLAN can consist of two or more groups and a group
can consist of one or more ports. The ports of a group can be either
tagged or untagged.

This type of VLAN also shares some common features with tagged
VLANs, where one or more ports are shared by different LAN segments.
But there are significant differences. First, all the ports in a tagged VLAN
are considered a LAN segment, while the ports in a protected ports VLAN,
though residing within a single VLAN, are subdivided into the smaller unit
of groups, which represent the LAN segments.

Second, a tagged VLAN, by its nature, contains one or more tagged ports.
These are the ports that are shared among one or more tagged VLANs.
The device connected to a tagged port must be 802.1Q compliant and it
must be able to handle tagged packets.

In contrast, the uplink port in a protected ports VLAN, which is shared by
the ports in the different groups, can be either tagged or untagged. The
device connected to it does not necessarily need to be 802.1Q compliant.