beautypg.com

3 tpid configuration, 9 layer 2 isolation, 3 tpid configuration 8.1.9 – Siemens S223 User Manual

Page 186: Layer 2 isolation

background image

UMN:CLI User Manual

SURPASS hiD 6615 S223/S323 R1.5

186 A50010-Y3-C150-2-7619

DT and HTLS cannot be configured at the same time. (If switch should operate as

DT, HTSL has to be disabled.)

TPID value of all ports on switch is same.

Access Port should be configured as Untagged, and Uplink port as Tagged.

Ignore all tag information of port which comes from untagged port (Access Port).

Port with DT function should be able to configure Jumbo function also

8.1.8.3 TPID

Configuration

TPID (Tag Protocol Identifier) is a kind of Tag protocol, and it indicates the currently used
tag information. User can change the TPID. By default the port which is configured as
802.1q (0x8100) cannot work as VLAN member.

Use the following command to set TPID on a QinQ port.

Command Mode

Description

vlan dot1q-tunnel tpid

TPID Bridge

Configures

TPID.

8.1.9

Layer 2 Isolation

Private VLAN is a kind of LAN Security function using by Cisco products, and it can be
classified to Private VLAN and Private edge. Until now, there is no standard document of
it.

Private VLAN Edge

Private VLAN edge (protected port) is a function in local switch. That is, it cannot work on
between two different switches with protected ports. A protected port cannot transmit any
traffic to other protected ports.

Private VLAN

Private VLAN provides L2 isolation within the same Broadcast Domain ports. That means
another VLAN is created within a VLAN. There are three type of VLAN mode.

Promiscuous

: A promiscuous port can communicate with all interfaces, including the

isolated and community ports within a PVLAN.

Isolated

: An isolated port has complete Layer 2 separation from the other ports within

the same PVLAN, but not from the promiscuous ports. PVLANs block all traffic to iso-

lated ports except traffic from promiscuous ports. Traffic from isolated port is for

warded only promiscuous ports.

Community

: Community ports communicate among themselves and with their pro-

miscuous ports. These interfaces separate at Layer 2 from all other interfaces in-

other communities or isolated ports within their PVLAN.

The difference between Private VLAN and Private VLAN edge is that PVLAN edge guar-
antees security for the ports in a VLAN using protected port and PVLAN guarantees port
security by creating sub-VLAN with the three types (Promiscuous, Isolation, and Commu-
nity). And because PVLAN edge can work on local switch, the isolation between two
switches is impossible.

The hiD 6615 S223/S323 provides Private VLAN function like Private VLAN edge of
Cisco product. Because it does not create any sub-VLAN, port security is provided by port

This manual is related to the following products: