Configuring the Switch

CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the
native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport
mode to hybrid.

Console(config)#interface ethernet 1/3                            4-131
Console(config-if)#switchport acceptable-frame-types tagged      4-182
Console(config-if)#switchport ingress-filtering                  4-183
Console(config-if)#switchport native vlan 3                      4-184
Console(config-if)#switchport gvrp                               4-195
Console(config-if)#garp timer join 20                            4-196
Console(config-if)#garp timer leave 90                           4-196
Console(config-if)#garp timer leaveall 2000                      4-196
Console(config-if)#switchport mode hybrid                        4-182
Console(config-if)#

Private VLANs

Private VLANs provide port-based security and isolation between ports within
the assigned VLAN. This switch supports two types of private VLANs: primary/
secondary associated groups, and stand-alone isolated VLANs. A primary VLAN
contains promiscuous ports that can communicate with all other ports in the private
VLAN group, while a secondary (or community) VLAN contains community ports
that can only communicate with other hosts within the secondary VLAN and with any
of the promiscuous ports in the associated primary VLAN. Isolated VLANs, on the
other hand, consist of a single stand-alone VLAN that contains one promiscuous port
and one or more isolated (or host) ports. In all cases, the promiscuous ports are
designed to provide open access to an external network such as the Internet, while
the community or isolated ports provide restricted access to local users.

Multiple primary VLANs can be configured on this switch, and multiple community
VLANs can be associated with each primary VLAN. One or more isolated VLANs
can also be configured. (Note that private VLANs and normal VLANs can exist
simultaneously within the same switch.)

To configure primary/secondary associated groups, follow these steps:

1. Use the Private VLAN Configuration menu (page 3-154) to designate one or
   more community VLANs, and the primary VLAN that will channel traffic outside
   of the VLAN groups.
2. Use the Private VLAN Association menu (page 3-154) to map the secondary
   (i.e., community) VLAN(s) to the primary VLAN.
3. Use the Private VLAN Port Configuration menu (page 3-156) to set the port
   type to promiscuous (i.e., having access to all ports in the primary VLAN), or
   host (i.e., having access restricted to community VLAN members, and
   channeling all other traffic through promiscuous ports). Then assign any
   promiscuous ports to a primary VLAN and any host ports to a community VLAN.

To configure an isolated VLAN, follow these steps:

1. Use the Private VLAN Configuration menu (page 3-154) to designate an
   isolated VLAN that will channel all traffic through a single promiscuous port.
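
The following added example (not part of the manual and not switch code) models the private VLAN reachability rules described above so that a planned port layout can be checked before it is entered on the switch. The VLAN IDs, port names and function names are constructed for illustration, and the block assumes that isolated host ports cannot reach each other directly because all of their traffic is channeled through the promiscuous port.

```python
from itertools import combinations

# Constructed plan: VLAN IDs and port names are hypothetical, not from the manual.
PLAN = {
    "primary": {5: {6, 7}},   # primary VLAN -> associated community VLANs
    "isolated": {8},          # stand-alone isolated VLANs
    "ports": {                # port -> (port type, assigned VLAN)
        "1/1": ("promiscuous", 5),
        "1/2": ("host", 6), "1/3": ("host", 6), "1/4": ("host", 7),
        "1/5": ("promiscuous", 8),
        "1/6": ("host", 8), "1/7": ("host", 8),
    },
}

def primary_of(plan, vlan):
    """Primary VLAN that a community VLAN is associated with, or None."""
    return next((p for p, sec in plan["primary"].items() if vlan in sec), None)

def can_talk(plan, a, b):
    """True if ports a and b may exchange frames under the rules in the text."""
    (ta, va), (tb, vb) = plan["ports"][a], plan["ports"][b]
    if ta == tb == "host":
        # Community hosts reach their own community only. Isolated hosts reach
        # no other host (assumption: all their traffic goes via the promiscuous port).
        return va == vb and va not in plan["isolated"]
    if ta == tb == "promiscuous":
        return va == vb
    host_vlan, prom_vlan = (va, vb) if ta == "host" else (vb, va)
    if host_vlan in plan["isolated"]:
        return prom_vlan == host_vlan
    return primary_of(plan, host_vlan) == prom_vlan

def allowed_pairs(plan):
    """Every unordered port pair that is allowed to communicate."""
    return {(a, b) for a, b in combinations(sorted(plan["ports"]), 2) if can_talk(plan, a, b)}

def audit(plan):
    """List plan errors that would break the intended isolation."""
    errors = []
    for port, (ptype, vlan) in sorted(plan["ports"].items()):
        if ptype == "host" and vlan in plan["primary"]:
            errors.append(f"{port}: host port assigned to primary VLAN {vlan}")
        if ptype == "promiscuous" and primary_of(plan, vlan) is not None:
            errors.append(f"{port}: promiscuous port assigned to community VLAN {vlan}")
    for vlan in sorted(plan["isolated"]):
        n = sum(1 for t, v in plan["ports"].values() if (t, v) == ("promiscuous", vlan))
        if n != 1:
            errors.append(f"isolated VLAN {vlan}: {n} promiscuous ports, expected 1")
    return errors
```

Comparing `allowed_pairs(PLAN)` with the pairs you intend to permit shows any unintended path between user ports, and `audit(PLAN)` flags assignments that contradict the port-type rules.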