NETGEAR M7100 Switch User Manual


 
44 | Chapter 2. VLANs
ProSafe M4100 and M7100 Managed Switches
Private VLANs
The Private VLANs feature separates a regular VLAN domain into two or more subdomains.
Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The
primary VLAN ID is the same for all subdomains that belong to a private VLAN. The
secondary VLAN ID differentiates subdomains from each other and provides Layer 2 isolation
between ports of the same private VLAN.
There are three types of VLAN within a private VLAN:
Primary VLAN - it forwards the traf
fic from the promiscuous ports to isolated ports,
community ports, and other promiscuous ports in the same private VLAN. Only one
primary VLAN can be configured per private VLAN. All ports within a private VLAN
share the same primary VLAN.
Community VLAN - is a secondary VLAN. It forwards traf
fic between ports which
belong to the same community and to the promiscuous ports. There can be multiple
community VLANs per private VLAN.
Isolated VLAN - is a secondary VLAN. It carries traf
fic from isolated ports to
promiscuous ports. Only one isolated VLAN can be configured per private VLAN.
There are three types of port designation within a private VLAN:
Promiscuous port - belongs to a primary VLAN and can communicate with all
interfaces in the private VLAN, including other promiscuous ports, community ports,
and isolated ports.
Community ports -
These ports can communicate with other community ports and
promiscuous ports.
Isolated ports -
These can ONLY communicate with promiscuous ports.
The Private VLANs can be extended across multiple switches through inter-switch/stack links
that transport primary
, community, and isolated VLANs between devices. See figure 1.
Figure 4. Private VLANs