Protected ports vlan overview – Allied Telesis AT-S63 User Manual

Page 670

background image

Chapter 28: Protected Ports VLANs

670

Section VI: VLANs

Protected Ports VLAN Overview

The purpose of a protected ports VLAN is to allow multiple ports on the
switch to share the same uplink port but not share traffic with each other.

This feature has some of the same characteristics as the multiple VLAN
modes described in the previous chapter, but it offers several advantages.
One is that it provides more flexibility. With the multiple VLAN modes, you
can select only one uplink port which is shared by all the other ports. Also,
you are not allowed to modify the configuration. With protected ports
VLANs, you can create LAN segments that consist of more than one port
and you can specify multiple uplink ports.

Another advantage is that the switch can support protected ports VLANs
as well as port-based and tagged VLANs simultaneously, something that
is not allowed with the multiple VLAN modes.

An important concept of this feature is groups. A group is a selection of
one or more ports that function as a LAN segment within the VLAN. The
ports in each group are independent of the ports in the other groups of the
VLAN. The ports of a group can share traffic only amongst themselves
and with the uplink port, but not with ports in other groups of the VLAN.

A protected ports VLAN can consist of two or more groups and a group
can consist of one or more ports. The ports of a group can be either
tagged or untagged.

This type of VLAN also shares some common features with tagged
VLANs, where one or more ports are shared by different LAN segments.
But there are significant differences. First, all the ports in a tagged VLAN
are considered a LAN segment, while the ports in a protected ports VLAN,
though residing within a single VLAN, are subdivided into the smaller unit
of groups, which represent the LAN segments.

Second, a tagged VLAN, by its nature, contains one or more tagged ports.
These are the ports that are shared among one or more tagged VLANs.
The device connected to a tagged port must be 802.1Q compliant and it
must be able to handle tagged packets.

In contrast, the uplink port in a protected ports VLAN, which is shared by
the ports in the different groups, can be either tagged or untagged. The
device connected to it does not necessarily need to be 802.1Q compliant.

Note

For explanations of VIDs and tagged and untagged ports, refer to
Chapter 25, “Port-based and Tagged VLANs” on page 597.