Protected ports vlan overview – Allied Telesis AT-S63 User Manual

Page 500

background image

Chapter 22: Protected Ports VLANs

500

Section III: VLANs

Protected Ports VLAN Overview

The purpose of a protected ports VLAN is to allow multiple ports on the
switch to share the same uplink port but not share traffic with each
other.

This feature has some of the same characteristics as the multiple VLAN
modes described in the previous chapter. In a protected ports VLAN,
each port is considered a separate LAN segment that can only
communicate with an uplink port. The result is a configuration
appropriate in network environments that require a great deal of
segmentation.

One of the advantages of a protected ports VLAN is that it offers more
flexibility. With the multiple VLAN modes, you can select only one uplink
port which is shared by all the other ports. Also, you are not allowed to
modify the configuration.

With protected ports VLANs, you can create LAN segments that consist
of more than one port and you can specify multiple uplink ports.

Another advantage is that the switch can support protected ports VLANs
as well as port-based and tagged VLANs simultaneously, something that
is not allowed with the multiple VLAN modes.

An important concept of this feature is groups. A group is a selection of
one or more ports that function as a LAN segment within the VLAN. The
ports in each group are independent of the ports in the other groups of
the VLAN. The ports of a group can share traffic only amongst
themselves and with the uplink port, but not with ports in other groups
of the VLAN.

A protected ports VLAN can consist of two or more groups and a group
can consist of one or more ports. The ports of a group can be either
tagged or untagged.

This type of VLAN also shares some common features with tagged
VLANs, where one or more ports are shared by different LAN segments.
But there are significant differences. First, all the ports in a tagged VLAN
are considered a LAN segment, while the ports in a protected ports
VLAN, though residing within a single VLAN, are subdivided into the
smaller unit of groups, which represent the LAN segments.

Second, a tagged VLAN, by its nature, contains one or more tagged
ports. These are the ports that are shared among one or more tagged
VLANs. The device connected to a tagged port must be 802.1Q
compliant and it must be able to handle tagged packets.