Private vlans, Displaying current private vlans – LevelOne FGL-2870 User Manual

Configuring the Switch

3-228

3

Private VLANs

Private VLANs provide port-based security and isolation of local ports contained
within different private VLAN groups. This switch supports two types of private
VLANs – primary and community groups. A primary VLAN contains promiscuous
ports that can communicate with all other ports in the associated private VLAN
groups, while a community (or secondary) VLAN contains community ports that can
only communicate with other hosts within the community VLAN and with any of the
promiscuous ports in the associated primary VLAN. The promiscuous ports are
designed to provide open access to an external network such as the Internet, while
the community ports provide restricted access to local users.

Multiple primary VLANs can be configured on this switch, and multiple community
VLANs can be associated with each primary VLAN. (Note that private VLANs and
normal VLANs can exist simultaneously within the same switch.)

To configure primary/secondary associated groups, follow these steps:

1.

Use the Private VLAN Configuration menu (page 3-229) to designate one or
more community VLANs, and the primary VLAN that will channel traffic outside
of the VLAN groups.

2.

Use the Private VLAN Association menu (page 3-230) to map the secondary
(i.e., community) VLAN(s) to the primary VLAN.

3.

Use the Private VLAN Port Configuration menu (page 3-232) to set the port
type to promiscuous (i.e., having access to all ports in the primary VLAN), or
host (i.e., having access restricted to community VLAN members, and
channeling all other traffic through promiscuous ports). Then assign any
promiscuous ports to a primary VLAN and any host ports a community VLAN.

Displaying Current Private VLANs

The Private VLAN Information page displays information on the private VLANs
configured on the switch, including primary and community VLANs, and their
assigned interfaces.

Command Attributes
• VLAN ID – ID of configured VLAN (1-4094), and VLAN type.
• Primary VLAN – The VLAN with which the selected VLAN ID is associated. A

primary VLAN displays its own ID, and a community VLAN displays the associated
primary VLAN.

• Ports List – The list of ports (and assigned port type) in the selected private VLAN.