SMC Networks 16 10BASE-T, 100BASE-TX manual Private VLANs

VLAN Configuration 3

CLI – This example sets port 3 to accept only tagged frames, assigns PVID 3 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to hybrid.

Private VLANs

Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLAN ports: promiscuous, and community ports. A promiscuous port can communicate with all interfaces within a private VLAN. Community ports can only communicate with other ports in their own community VLAN, and with their designated promiscuous ports. (Note that private VLANs and normal VLANs can exist simultaneously within the same switch.)

Uplink Ports Primary VLAN (promiscuous ports)

Each private VLAN consists of two components: a primary VLAN and one or more community VLANs. A primary VLAN allows traffic to pass between promiscuous ports, and between promiscuous ports and community ports subordinate to the primary VLAN. A community VLAN conveys traffic between community ports, and from the community ports to their associated promiscuous ports. Multiple primary VLANs can be configured on this switch, and multiple community VLANs can be configured within each primary VLAN.

To configure private VLANs, follow these steps:

1.Use the Private VLAN Configuration menu (page 3-115)to designate one or more community VLANs and the primary VLAN that will channel traffic outside of the community groups.

2.Use the Private VLAN Association menu (page 3-116)to map the secondary (i.e., community) VLAN(s) to the primary VLAN.

3.Use the Private VLAN Port Configuration menu (page 3-118)to set the port type to promiscuous (i.e., having access to all ports in the primary VLAN) or host (i.e., having access restricted to community VLAN members, and

3-113