Siemens S323, S223 user manual Layer 2 Isolation, Tpid Configuration, Private Vlan Edge

•DT and HTLS cannot be configured at the same time. (If switch should operate as DT, HTSL has to be disabled.)

•TPID value of all ports on switch is same.

•Access Port should be configured as Untagged, and Uplink port as Tagged.

•Ignore all tag information of port which comes from untagged port (Access Port).

•Port with DT function should be able to configure Jumbo function also

8.1.8.3TPID Configuration

TPID (Tag Protocol Identifier) is a kind of Tag protocol, and it indicates the currently used tag information. User can change the TPID. By default the port which is configured as 802.1q (0x8100) cannot work as VLAN member.

Use the following command to set TPID on a QinQ port.

8.1.9Layer 2 Isolation

Private VLAN is a kind of LAN Security function using by Cisco products, and it can be classified to Private VLAN and Private edge. Until now, there is no standard document of it.

Private VLAN Edge

Private VLAN edge (protected port) is a function in local switch. That is, it cannot work on between two different switches with protected ports. A protected port cannot transmit any traffic to other protected ports.

Private VLAN

Private VLAN provides L2 isolation within the same Broadcast Domain ports. That means another VLAN is created within a VLAN. There are three type of VLAN mode.

•Promiscuous: A promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.

•Isolated: An isolated port has complete Layer 2 separation from the other ports within the same PVLAN, but not from the promiscuous ports. PVLANs block all traffic to iso- lated ports except traffic from promiscuous ports. Traffic from isolated port is for warded only promiscuous ports.

•Community: Community ports communicate among themselves and with their pro- miscuous ports. These interfaces separate at Layer 2 from all other interfaces in- other communities or isolated ports within their PVLAN.

The difference between Private VLAN and Private VLAN edge is that PVLAN edge guar- antees security for the ports in a VLAN using protected port and PVLAN guarantees port security by creating sub-VLAN with the three types (Promiscuous, Isolation, and Commu- nity). And because PVLAN edge can work on local switch, the isolation between two switches is impossible.

The hiD 6615 S223/S323 provides Private VLAN function like Private VLAN edge of Cisco product. Because it does not create any sub-VLAN, port security is provided by port