Configuring VLANs
Defining Private VLANs
Private VLANs (PVLAN) increase network security by limiting inter-port communication within a VLAN. Private
VLANs limit network traffic at the Layer 2 level. Network administrators define a Primary VLAN. Within the Primary
VLAN there are Isolated and Community VLANs. Private VLAN ports can have the following states:
• Promiscuous — Promiscuous ports can communicate with all ports within a PVLAN. All promiscuous packets
are automatically assigned to both the Isolated and the Community VLANs.
• Isolated — Isolated ports are completely isolated from other ports in the same PVLAN. However, isolated
ports can communicate with promiscuous ports. In addition, all traffic to and from isolated ports within a VLAN
is blocked, except for traffic from promiscuous ports. All isolated ports are automatically assigned to the
Isolated VLAN.
• Community — Community ports communicate with other community ports and with promiscuous ports.
Community ports are separated from all other interfaces in other communities or isolated ports in the same
PVLAN. All community ports are automatically assigned to the Community VLAN and to the Private VLAN.
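The port rules above can be checked against a planned port assignment before it is configured on the switch. The following Python sketch is an added example, not taken from this manual or the switch software; the port names, VLAN IDs, the per-community VLAN identifier and the function names are assumptions made for illustration, and ports in different Primary VLANs are treated as unable to communicate at Layer 2.

```python
from itertools import combinations

ROLES = {"promiscuous", "isolated", "community"}

# Constructed sample plan: port -> (Primary VLAN, role, Community VLAN or None).
# Port names and VLAN IDs are hypothetical, not values from the manual.
PLAN = {
    "e1": (100, "promiscuous", None),  # uplink / gateway
    "e2": (100, "isolated", None),     # guest host
    "e3": (100, "isolated", None),     # guest host
    "e4": (100, "community", 102),     # server group A
    "e5": (100, "community", 102),     # server group A
    "e6": (100, "community", 103),     # server group B
    "e7": (200, "promiscuous", None),  # belongs to a different Primary VLAN
}

def can_communicate(a, b, plan=PLAN):
    """Return True if the PVLAN port rules permit Layer 2 traffic between a and b."""
    (pa, ra, ca), (pb, rb, cb) = plan[a], plan[b]
    if ra not in ROLES or rb not in ROLES:
        raise ValueError("unknown port role")
    if pa != pb:
        return False          # assumption: separate Primary VLANs never share Layer 2
    if "promiscuous" in (ra, rb):
        return True           # promiscuous ports reach every port in the PVLAN
    if ra == rb == "community":
        return ca == cb       # community ports reach only their own community
    return False              # isolated ports reach nothing but promiscuous ports

def allowed_pairs(plan=PLAN):
    """List every port pair the plan allows to exchange traffic."""
    pairs = combinations(sorted(plan), 2)
    return [p for p in pairs if can_communicate(*p, plan=plan)]

def violations(must_not_talk, plan=PLAN):
    """Return the pairs from a separation policy that the plan would still allow."""
    return [(a, b) for a, b in must_not_talk if can_communicate(a, b, plan)]

if __name__ == "__main__":
    for a, b in allowed_pairs():
        print(f"{a} <-> {b}")
```

Passing a list of port pairs that must stay separated to `violations` returns the pairs the planned roles would still connect.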
Notes
• Ports cannot be defined as either promiscuous or isolated ports if the ports are existing VLAN members.
• Previously created VLANs cannot be configured as isolated or community VLANs.
• Isolated and Community VLANs are included in the total VLAN count.
If the Primary VLAN is deleted, both the Isolated and the Community VLANs are also deleted. In addition, the
Isolated and Community VLANs only forward untagged traffic.
To define Private VLANs:
1. Click Basic Setup > VLAN > Private VLANs. The Private VLANs Page opens.