Configuring VLANs

Defining Private VLANs

Defining Private VLANs

Private VLANs (PVLAN) increase network security by limiting inter-port communication within a VLAN. Private VLANs limit network traffic at the Layer 2 level. Network administrators define a Primary VLAN. Within the Primary VLAN there are Isolated and Community VLANs. Private VLAN ports can have the following states:

Promiscuous — Promiscuous ports can communicate with all ports within a PVLAN. All promiscuous pack- ets are automatically assigned to both the Isolated and the Community VLANs.

Isolated — Isolated ports are completely isolated from other ports in the same PVLAN. However isolated ports can communicate with promiscuous ports. In addition, all traffic to and from isolated ports with a VLANs is blocked, except for traffic from promiscuous ports. All isolated ports are automatically assigned to the Iso- lated VLAN.

Community — Community ports communicate with other community ports and with promiscuous ports. Community ports are separated from all other interfaces in other communities or isolated ports in the same PVLAN. All community ports are automatically assigned to the Community VLAN and to the Private VLAN.

Notes

Ports cannot be defined as either promiscuous or isolated port if the ports are existing VLAN members.

Notes

Previously created VLANs cannot be configured as isolated or community VLANs.

Notes

Isolated and Community VLANs are included in the total VLAN count.

If the Primary VLAN is deleted, both the Isolated and the Community VLANs are also deleted. In addition, the Iso- lated and Community VLANs only forward untagged traffic. To define Private VLANs:

1.Click Basic Setup > VLAN >Private VLANs. The Private VLANs Page opens.

Page 113

Page 113 Page 115
Page 114
Image 114
D-Link DES-3010FA/GA manual Defining Private VLANs
Page 113 Page 115
Top Page Image Contents