devices need to identify Primary VLANs but not Secondary VLANs. Therefore, they can save VLAN resources without considering the VLAN configuration in the lower layer. Meanwhile, the service provider can assign each user an individual Secondary VLAN, so that users are separated at the Layer 2 level.

Private VLAN technology is mainly used in campus or enterprise networks to separate users at Layer 2 and to save VLAN resources on uplink devices.

➢ The Elements of a Private VLAN

Primary VLAN: A Private VLAN has one Primary VLAN and one Secondary VLAN. The Primary VLAN is the user VLAN that the uplink device can identify, but it is not the actual VLAN the end user is in. Every port in a Private VLAN is a member of the Primary VLAN. The Primary VLAN carries unidirectional traffic downstream from the promiscuous ports to the host ports and to other promiscuous ports.

Secondary VLAN: The Secondary VLAN is the actual VLAN the end user is in. Secondary VLANs are associated with a Primary VLAN, and are used to carry traffic from hosts to uplink devices.

Promiscuous: A promiscuous port connects to and communicates with the uplink device. The PVID of the promiscuous port is the same as the Primary VLAN ID. One promiscuous port can only join one Primary VLAN.

Host: A host port connects to and communicates with the terminal device. The PVID of the host port is the same as the Secondary VLAN ID. One host port can only belong to one Private VLAN.

➢ Features of Private VLAN

1. A Private VLAN contains one Primary VLAN and one Secondary VLAN.

2. A VLAN cannot be set as the Primary VLAN and Secondary VLAN simultaneously.

3. A Secondary VLAN can only join one Private VLAN.

4. A Primary VLAN can be associated with multiple Secondary VLANs to create multiple Private VLANs.
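The port rules and features listed above can be checked mechanically before a plan is applied to a switch. The following audit is an added example, not taken from the manual: the data model (a list of Primary/Secondary pairs plus a port dictionary), the function name, and the sample VLAN and port values are all assumptions made for illustration.

```python
from collections import Counter

def audit_private_vlans(pairs, ports):
    """Return rule violations for a Private VLAN plan (hypothetical data model).

    pairs: (primary_id, secondary_id) tuples, one per Private VLAN.
    ports: name -> {"type": "promiscuous"|"host", "pvid": int, "pairs": [...]}
    """
    pairs = list(pairs)
    findings = []
    primaries = {p for p, _ in pairs}
    secondaries = Counter(s for _, s in pairs)
    # Feature 2: a VLAN cannot be Primary and Secondary simultaneously.
    for vid in sorted(primaries & set(secondaries)):
        findings.append(f"VLAN {vid}: used as both Primary and Secondary")
    # Feature 3: a Secondary VLAN can only join one Private VLAN.
    for vid, count in sorted(secondaries.items()):
        if count > 1:
            findings.append(f"VLAN {vid}: Secondary VLAN joined to {count} Private VLANs")
    # Feature 4 (one Primary, several Secondaries) is allowed, so it is not flagged.
    for name, port in sorted(ports.items()):
        member = port["pairs"]
        for pair in member:
            if pair not in pairs:
                findings.append(f"{name}: member of undefined Private VLAN {pair}")
        if port["type"] == "promiscuous":
            prims = {p for p, _ in member}
            if len(prims) != 1:
                findings.append(f"{name}: promiscuous port must join exactly one Primary VLAN")
            elif port["pvid"] not in prims:
                findings.append(f"{name}: PVID {port['pvid']} is not the Primary VLAN ID")
        elif port["type"] == "host":
            if len(member) != 1:
                findings.append(f"{name}: host port must belong to exactly one Private VLAN")
            elif port["pvid"] != member[0][1]:
                findings.append(f"{name}: PVID {port['pvid']} is not the Secondary VLAN ID")
    return findings

# Constructed sample plan (not from the manual), with four deliberate mistakes.
SAMPLE_PAIRS = [(100, 101), (100, 102), (200, 102), (101, 300)]
SAMPLE_PORTS = {
    "port1": {"type": "promiscuous", "pvid": 100, "pairs": [(100, 101), (100, 102)]},
    "port2": {"type": "host", "pvid": 101, "pairs": [(100, 101)]},
    "port3": {"type": "host", "pvid": 100, "pairs": [(100, 102)]},
    "port4": {"type": "promiscuous", "pvid": 100, "pairs": [(100, 101), (200, 102)]},
}
```

A host port whose PVID is the Primary VLAN ID, such as port3 in the sample, is worth catching early because it is not placed in the Secondary VLAN that is supposed to isolate that user.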

➢ Private VLAN Implementation

To hide Secondary VLANs from uplink devices and save VLAN resources, a Private VLAN containing one Primary VLAN and one Secondary VLAN must have the following characteristics:

● Packets from different Secondary VLANs can be forwarded to the uplink device via promiscuous port and carry no corresponding Secondary VLAN information.

● Packets from Primary VLANs can be sent to end users via host port and carry no Primary VLAN information.

Private VLAN is designed to save VLAN resources by means of port configuration synchronization among the MAC address tables of VLANs and MAC address duplication. To meet the requirements described above, the following two aspects are required:

1) Create Private VLAN: A Private VLAN includes one Primary VLAN and one Secondary VLAN. The PVID of the promiscuous port is equal to the Primary VLAN ID and the PVID of the host port is the same as the corresponding Secondary VLAN ID. Moreover, the egress rule of all

TP-Link TL-SL5428E manual: The Elements of a Private VLAN, Features of Private VLAN, Private VLAN Implementation