Allied Telesis AT-9000/28POE Switch User Manual


Chapter 53: Private Port VLANs
Overview
Private VLANs (also called private port VLANs) create special broadcast
domains in which the traffic of the member ports is restricted to just uplink
ports. Ports in a private VLAN are only allowed to forward traffic to and
receive traffic from a designated uplink port, and are prohibited from
forwarding traffic to each other.
An example application of a private VLAN would be a library in which user
booths each have a computer with Internet access. In this situation, it
would usually be undesirable to allow communication between these
individual PCs. Connecting the computers to ports within a private isolated
VLAN would enable each computer to access the Internet or a library
server via a single connection, while preventing access between the
computers in the booths.
Another application for private VLANs is to simplify IP address
assignments. Ports can be isolated from each other while still belonging to
the same subnet.
A private VLAN generally consists of one or more host ports and an uplink
port.
Host Ports
The host ports of a private VLAN can only forward traffic to, and receive
traffic from, an uplink port, and are prohibited from forwarding traffic to
each other. A private VLAN can have any number of host ports on the
switch, up to all the ports, minus the uplink port. A port can be a host port
of only one private VLAN at a time.
The host ports are untagged. VLAN membership is defined by their
PVIDs. The devices to which they are connected should not send tagged
packets.
Uplink Port
The uplink port can be a promiscuous port or a trunk port.
An uplink port can communicate with all host ports in the private VLAN. A
promiscuous port acts like an untagged uplink port for a private VLAN.
Each private VLAN can have multiple promiscuous ports.
A trunk port may be configured as an uplink for a private VLAN.
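
The following Python model is an added example, not taken from the manual or from Allied Telesis software. It checks a planned private VLAN port layout against the rules above and computes where a frame may be forwarded. The class and function names, the port numbers and the uplink-to-uplink behaviour are assumptions of the example.

```python
"""Model of the private-VLAN forwarding rules described above (illustrative)."""
from dataclasses import dataclass, field


@dataclass
class PrivateVlan:
    vid: int
    hosts: set = field(default_factory=set)    # untagged host ports
    uplinks: set = field(default_factory=set)  # promiscuous or trunk ports


def validate(vlans):
    """Return a list of rule violations found in a planned port layout."""
    problems, owner = [], {}
    for v in vlans:
        if not v.uplinks:
            problems.append(f"VLAN {v.vid}: no uplink port, hosts are unreachable")
        for p in sorted(v.hosts & v.uplinks):
            problems.append(f"VLAN {v.vid}: port {p} is both host and uplink")
        for p in sorted(v.hosts):
            if p in owner:  # a port may be a host port of only one private VLAN
                problems.append(
                    f"port {p}: host port of VLANs {owner[p]} and {v.vid}")
            owner.setdefault(p, v.vid)
    return problems


def egress_ports(vlan, ingress):
    """Ports a frame (including a broadcast) entering on `ingress` may leave on."""
    if ingress in vlan.hosts:
        # Host ports forward only to uplink ports, never to each other.
        return set(vlan.uplinks) - {ingress}
    if ingress in vlan.uplinks:
        # An uplink reaches every host port; reaching the other uplinks is an
        # assumption of this model, the manual text does not state it.
        return (vlan.hosts | vlan.uplinks) - {ingress}
    return set()  # port is not a member of this private VLAN


def isolation_leaks(vlan):
    """Host-to-host pairs that could exchange traffic directly (should be empty)."""
    return [(a, b) for a in sorted(vlan.hosts)
            for b in sorted(egress_ports(vlan, a)) if b in vlan.hosts]


# Constructed layout: library booths on ports 1-4, uplink on port 25.
LIBRARY = PrivateVlan(vid=10, hosts={1, 2, 3, 4}, uplinks={25})
```

Running validate() and isolation_leaks() over a planned layout before applying it shows whether any booth port could reach another booth port directly.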