NETGEAR M4100-26G Switch User Manual


 
Switching Commands
ProSafe M4100 and M7100 Managed Switches
Private VLAN
The Private VLANs feature separates a regular VLAN domain into two or more subdomains.
Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The
primary VLAN ID is the same for all subdomains that belong to a private VLAN. The
secondary VLAN ID differentiates subdomains from each other and provides Layer 2 isolation
between ports of the same private VLAN. The types of VLANs within a private VLAN are as
follows:
Primary VLAN—Forwards the traffic from the promiscuous ports to isolated ports, community ports, and other promiscuous ports in the same private VLAN. Only one primary VLAN can be configured per private VLAN. All ports within a private VLAN share the primary VLAN.
Isolated VLAN—A secondary VLAN that carries traffic from isolated ports to promiscuous ports. Only one isolated VLAN can be configured per private VLAN.
Community VLAN—A secondary VLAN that forwards traffic between ports that belong to the same community and the promiscuous ports. There can be multiple community VLANs per private VLAN.
Three types of port designations exist within a private VLAN:
Promiscuous Ports—An endpoint connected to a promiscuous port is allowed to communicate with any endpoint within the private VLAN. Multiple promiscuous ports can be defined for a single private VLAN domain.
Isolated Ports—An endpoint connected to an isolated port is allowed to communicate with endpoints connected to promiscuous ports only. Endpoints connected to adjacent isolated ports cannot communicate with each other.
Community Ports—An endpoint connected to a community port is allowed to communicate with the endpoints within a community and with any configured promiscuous port. The endpoints that belong to one community cannot communicate with endpoints that belong to a different community or with endpoints connected to isolated ports.
The Private VLANs can be extended across multiple switches through inter-switch/stack links
that transport primary, community, and isolated VLANs between devices.
switchport private-vlan
This command is used to define a private-VLAN association for an isolated or community port
or a mapping for a promiscuous port.
Format    switchport private-vlan {host-association <primary-vlan-id> <secondary-vlan-id> | mapping <primary-vlan-id> {add | remove} <secondary-vlan-list>}
Mode      Interface Config
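
The isolation rules above can be checked against a planned set of switchport private-vlan commands before they are applied. The following Python model is an added example, not part of the NETGEAR manual. The port names, VLAN IDs, VLAN-type table and the "101-103" list syntax are constructed, and it assumes that a host port reaches a promiscuous port only when its secondary VLAN is in that port's mapping.

```python
import re

CMD = re.compile(r"switchport private-vlan (?:host-association (\d+) (\d+)"
                 r"|mapping (\d+) (add|remove) ([\d,-]+))$")

def parse_vlan_list(text):
    """Expand '101-103,105' (assumed list syntax) into a set of VLAN IDs."""
    spans = (part.partition("-") for part in text.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def load_ports(config):
    """Host ports get a 'secondary' VLAN; promiscuous ports get a 'mapped' set."""
    ports = {}
    for port, line in config:
        m = CMD.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised command: {line!r}")
        if m.group(1):
            ports[port] = {"primary": int(m.group(1)), "secondary": int(m.group(2))}
            continue
        p = ports.setdefault(port, {"primary": int(m.group(3)), "mapped": set()})
        vlans = parse_vlan_list(m.group(5))
        p["mapped"] = p["mapped"] | vlans if m.group(4) == "add" else p["mapped"] - vlans
    return ports

def can_talk(ports, vlan_type, a, b):
    """Apply the port-designation rules to two distinct ports."""
    pa, pb = sorted((ports[a], ports[b]), key=lambda p: "mapped" not in p)
    if pa["primary"] != pb["primary"]:
        return False
    if "mapped" in pa:  # at least one promiscuous port; assumption: mapping gates hosts
        return "mapped" in pb or pb["secondary"] in pa["mapped"]
    # host <-> host: allowed only inside one community VLAN, never between isolated ports
    return pa["secondary"] == pb["secondary"] and vlan_type[pa["secondary"]] == "community"

def stranded_hosts(ports, vlan_type):
    """Host ports that no promiscuous port is mapped to (likely a config mistake)."""
    proms = [p for p in ports if "mapped" in ports[p]]
    return [h for h in ports if "secondary" in ports[h]
            and not any(can_talk(ports, vlan_type, h, p) for p in proms)]

# Constructed sample: VLAN types plus (port, command) pairs.
VLAN_TYPE = {101: "isolated", 102: "community", 103: "community"}
CONFIG = [("0/1", "switchport private-vlan mapping 100 add 101-103"),
          ("0/1", "switchport private-vlan mapping 100 remove 103")]
CONFIG += [(p, f"switchport private-vlan host-association 100 {v}") for p, v in
           [("0/2", 101), ("0/3", 101), ("0/4", 102), ("0/5", 102), ("0/6", 103)]]
PORTS = load_ports(CONFIG)
```

In this sample, port 0/6 is reported by stranded_hosts because VLAN 103 was removed from the only promiscuous mapping, which leaves that host with no reachable uplink.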