LevelOne GSW-2692 manual Private VLANs

Models: GSW-2692


VLAN Configuration 3

CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.

Console(config)#interface ethernet 1/3                          4-108
Console(config-if)#switchport acceptable-frame-types tagged     4-152
Console(config-if)#switchport ingress-filtering                 4-153
Console(config-if)#switchport native vlan 3                     4-154
Console(config-if)#switchport gvrp                              4-165
Console(config-if)#garp timer join 20                           4-166
Console(config-if)#garp timer leave 90                          4-166
Console(config-if)#garp timer leaveall 2000                     4-166
Console(config-if)#switchport mode hybrid                       4-152
Console(config-if)#

Private VLANs

Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLANs: primary/secondary associated groups, and stand-alone isolated VLANs. A primary VLAN contains promiscuous ports that can communicate with all other ports in the private VLAN group, while a secondary (or community) VLAN contains community ports that can only communicate with other hosts within the secondary VLAN and with any of the promiscuous ports in the associated primary VLAN. Isolated VLANs, on the other hand, consist of a single stand-alone VLAN that contains one promiscuous port and one or more isolated (or host) ports. In all cases, the promiscuous ports are designed to provide open access to an external network such as the Internet, while the community or isolated ports provide restricted access to local users.

Multiple primary VLANs can be configured on this switch, and multiple community VLANs can be associated with each primary VLAN. One or more isolated VLANs can also be configured. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.)
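The following Python model is an added example, not part of the manual and not the switch's CLI or firmware logic. It encodes the port rules described above so that an intended port plan can be checked for unwanted reachability before it is configured. The class and method names, VLAN IDs and port numbers are hypothetical, and the model assumes layer-2 forwarding only, with no routing between private VLAN groups.

```python
from itertools import combinations

class PrivateVlanModel:
    """Hypothetical model of the rules above; not the switch's CLI or firmware."""
    def __init__(self):
        self.primary_of = {}    # community VLAN -> associated primary VLAN
        self.isolated = set()   # stand-alone isolated VLANs
        self.ports = {}         # port name -> (role, vlan)

    def associate(self, primary, community):
        self.primary_of[community] = primary

    def add_port(self, name, role, vlan):
        if role == "community" and vlan not in self.primary_of:
            raise ValueError(f"VLAN {vlan} is not associated with a primary VLAN")
        if role == "isolated" and vlan not in self.isolated:
            raise ValueError(f"VLAN {vlan} is not an isolated VLAN")
        if (role == "promiscuous" and vlan in self.isolated
                and ("promiscuous", vlan) in self.ports.values()):
            raise ValueError(f"isolated VLAN {vlan} already has its promiscuous port")
        self.ports[name] = (role, vlan)

    def _group(self, name):
        role, vlan = self.ports[name]
        return self.primary_of[vlan] if role == "community" else vlan

    def can_talk(self, a, b):
        (role_a, vlan_a), (role_b, vlan_b) = self.ports[a], self.ports[b]
        if self._group(a) != self._group(b):
            return False    # different groups are separate layer-2 domains
        if "promiscuous" in (role_a, role_b):
            return True     # promiscuous ports reach every port in their group
        return role_a == role_b == "community" and vlan_a == vlan_b

    def allowed_pairs(self):
        return {frozenset(p) for p in combinations(self.ports, 2) if self.can_talk(*p)}

def build_sample():
    """Constructed sample; VLAN IDs and port numbers are made up."""
    m = PrivateVlanModel()
    m.associate(primary=10, community=101)
    m.associate(primary=10, community=102)
    m.isolated.add(20)
    for name, role, vlan in [("1/1", "promiscuous", 10), ("1/2", "community", 101),
                             ("1/3", "community", 101), ("1/4", "community", 102),
                             ("1/5", "promiscuous", 20), ("1/6", "isolated", 20),
                             ("1/7", "isolated", 20)]:
        m.add_port(name, role, vlan)
    return m
```

Comparing `allowed_pairs()` against the list of host pairs that must stay separated shows any port that was placed in the wrong community or given the promiscuous role by mistake.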

To configure primary/secondary associated groups, follow these steps:

1. Use the Private VLAN Configuration menu (page 3-119) to designate one or more community VLANs, and the primary VLAN that will channel traffic outside of the VLAN groups.

2. Use the Private VLAN Association menu (page 3-119) to map the secondary (i.e., community) VLAN(s) to the primary VLAN.

3. Use the Private VLAN Port Configuration menu (page 3-121) to set the port type to promiscuous (i.e., having access to all ports in the primary VLAN), or host (i.e., having access restricted to community VLAN members, and channeling all other traffic through promiscuous ports). Then assign any promiscuous ports to a primary VLAN and any host ports to a community VLAN.

To configure an isolated VLAN, follow these steps:

1. Use the Private VLAN Configuration menu (page 3-119) to designate an isolated VLAN that will channel all traffic through a single promiscuous port.
