Private vlans, Private vlans for ports in access mode – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
VLAN Introduction
Software Reference for x310 Series Switches
C613-50046-01 REV A
AlliedWare Plus™ Operating System - Version 5.4.4C
Private VLANs
Private VLANs combine the network advantages of conventional VLANs with an added
degree of privacy, obtained by limiting the connectivity between selected ports.
This section provides an introduction to:
■ Private VLANs for ports in access mode
■ Private VLANs for trunked ports
Private VLANs for ports in access mode
An example application of a private VLAN would be a library in which user booths each
have a PC with Internet access. In this situation it would usually be undesirable to allow
communication between these individual PCs. Connecting the PCs to ports within a private
isolated VLAN would enable each PC to access the Internet or a library server via a single
connection, whilst preventing access between the PCs in the booths.
Another application might be to use private VLANs to simplify IP address assignment.
Ports can be isolated from each other whilst still belonging to the same subnet.
A private VLAN comprises the following components:
■ a single promiscuous port
■ one or more host ports
  There are two types of host ports:
  - isolated ports
    These can only communicate with the promiscuous port that is associated with
    the isolated VLAN.
  - community ports
    These can communicate with their associated promiscuous port and other
    community ports within the community VLAN.
■ a single primary VLAN
■ one or more secondary VLANs
  There are two types of secondary VLANs:
  - isolated VLANs
    In this VLAN type, communication can only take place between each host port
    and its associated promiscuous port.
  - community VLANs
    In this VLAN type, communication can take place between host ports and
    between each host port and its associated promiscuous port.
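
The connectivity rules above can be checked against a planned port layout before it is configured. The following Python model is an added example, not part of the Allied Telesis manual; the port names, VLAN IDs and the library layout are constructed for illustration, and the model is not switch configuration.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import List, Optional, Tuple

ROLES = ("promiscuous", "isolated", "community")

@dataclass(frozen=True)
class Port:
    name: str
    role: str                              # one of ROLES
    secondary_vlan: Optional[int] = None   # isolated/community VLAN ID

def validate(ports: List[Port]) -> List[str]:
    """Check the layout against the component list: one promiscuous port, host ports in a secondary VLAN."""
    problems = []
    if sum(p.role == "promiscuous" for p in ports) != 1:
        problems.append("a private VLAN needs exactly one promiscuous port")
    for p in ports:
        if p.role not in ROLES:
            problems.append(f"{p.name}: unknown role {p.role!r}")
        elif p.role != "promiscuous" and p.secondary_vlan is None:
            problems.append(f"{p.name}: host port has no secondary VLAN")
    return problems

def can_communicate(a: Port, b: Port) -> bool:
    """Apply the host-port rules described above to a pair of ports."""
    if "promiscuous" in (a.role, b.role):
        return True   # every host port reaches its promiscuous port
    if a.role == b.role == "community":
        return a.secondary_vlan == b.secondary_vlan   # same community VLAN only
    return False      # isolated ports reach nothing but the promiscuous port

def blocked_pairs(ports: List[Port]) -> List[Tuple[str, str]]:
    """List every pair of ports that the private VLAN keeps apart."""
    return sorted((a.name, b.name) for a, b in combinations(ports, 2)
                  if not can_communicate(a, b))

# Constructed layout for the library scenario: booths isolated, staff PCs in a community.
LIBRARY = [
    Port("uplink", "promiscuous"),
    Port("booth1", "isolated", 3),
    Port("booth2", "isolated", 3),
    Port("staff1", "community", 4),
    Port("staff2", "community", 4),
]

if __name__ == "__main__":
    print(validate(LIBRARY) or "layout OK")
    for pair in blocked_pairs(LIBRARY):
        print("blocked:", *pair)
```
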