Portfast on private vlans, Access mode private vlan configuration example – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

VLAN Introduction

Software Reference for x310 Series Switches

AlliedWare Plus™ Operating System - Version 5.4.4C

C613-50046-01 REV A

Private VLANs operate within a single switch and comprise one primary VLAN plus a
number of secondary VLANs. All data enters the private VLAN ports untagged. Using the
example of Figure 16-1, data enters the switch via the promiscuous port1.0.1 and is
forwarded to the host ports using VLAN 20, the primary VLAN. Data returning from the
host ports to the promiscuous port (and exiting the switch) uses the secondary VLAN
associated with its particular host port, VLAN 21, 22, or 23 in the example. Thus the data
flows into the switch via the primary VLAN and out of the switch via the secondary VLANs.
This situation is not detected outside of the switch, because all its private ports are
untagged. Note, however, that data flowing between ports within the same community
VLAN will do so using the VID of the community VLAN.

Portfast on private VLANs

Within private VLANs, we recommend that you place all host ports into spanning-tree
portfast mode and enable BPDU guard. Portfast assumes that because host ports will also
be edge ports, they will have no alternative paths (loops) via other bridges. These ports
are therefore allowed to move directly from the spanning-tree blocking state into the
forwarding state, thus bypassing the intermediate states.

Applying BPDU guard is an extra precaution. This feature disables an edge port if it
receives a BPDU frame, because receiving such a frame would indicate that the port has a
connection to another network bridge.

For more information on BPDU guard and portfast, see the following commands:

spanning-tree portfast bpdu-guard command on page 19.61

spanning-tree portfast (STP) command on page 19.57
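
A check for the recommendation above, added here as an example and not taken from the Allied Telesis manual: it scans a running-config and reports private VLAN host ports that lack portfast or BPDU guard. The sample config is constructed; the interface-mode lines it matches (switchport mode private-vlan host, spanning-tree portfast bpdu-guard enable/disable) and the inheritance of a global bpdu-guard setting are assumptions to confirm against the command reference.

```python
# Constructed sample running-config (not from the manual); the stanza
# syntax is an assumption about AlliedWare Plus interface-mode output.
SAMPLE_CONFIG = """\
interface port1.0.1
 switchport mode private-vlan promiscuous
!
interface port1.0.2
 switchport mode private-vlan host
 spanning-tree portfast
 spanning-tree portfast bpdu-guard enable
!
interface port1.0.3
 switchport mode private-vlan host
 spanning-tree portfast
!
interface port1.0.4
 switchport mode private-vlan host
!
"""


def audit_host_ports(config):
    """Return {port: [missing settings]} for private VLAN host ports."""
    stanzas, current, global_lines = {}, None, []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(line)
        else:  # "!" or any unindented line closes the interface stanza
            current = None
            global_lines.append(line)
    # Assumption: a global "spanning-tree portfast bpdu-guard" is inherited
    # by a port unless the port sets "... bpdu-guard disable" itself.
    global_guard = "spanning-tree portfast bpdu-guard" in global_lines
    findings = {}
    for port, lines in stanzas.items():
        if "switchport mode private-vlan host" not in lines:
            continue  # promiscuous and ordinary ports are out of scope
        guard = [l.split()[-1] for l in lines
                 if l.startswith("spanning-tree portfast bpdu-guard")]
        guarded = "enable" in guard or (global_guard and "disable" not in guard)
        missing = [name for name, ok in
                   (("portfast", "spanning-tree portfast" in lines),
                    ("bpdu-guard", guarded)) if not ok]
        if missing:
            findings[port] = missing
    return findings
```

Run it against a saved copy of the switch's running configuration; an empty result means every private VLAN host port carries both settings.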

Access mode private VLAN configuration example

Table 16-2: Configuration procedure for access mode private VLANs

| Command | Description |
|---|---|
| Create the VLANs | |
| awplus# configure terminal | Enter Global Configuration mode. |
| awplus(config)# vlan database | Enter VLAN Configuration mode. |
| awplus(config-vlan)# vlan 20-23 | Create the VLANs. |
| Create the private VLANs and set the type | |
| awplus(config-vlan)# private-vlan 20 primary | Create primary VLAN 20. |
| awplus(config-vlan)# private-vlan 21 community | Create community VLAN 21. |
| awplus(config-vlan)# private-vlan 22 community | Create community VLAN 22. |
| awplus(config-vlan)# private-vlan 23 isolated | Create isolated VLAN 23. |