
Private VLANs, Private VLAN ports – Blade ICE G8000 User Manual


RackSwitch G8000 Application Guide

Chapter 3: VLANs


BMD00041, November 2008

Private VLANs

Private VLANs provide Layer 2 isolation between the ports within the same broadcast domain.
Private VLANs can control traffic within a VLAN domain, and provide port-based security for
host servers.

Use Private VLANs to partition a VLAN domain into sub-domains. Each sub-domain is comprised of one primary VLAN and one or more secondary VLANs, as follows:

• Primary VLAN: carries unidirectional traffic downstream from promiscuous ports. Each Private VLAN has only one primary VLAN. All ports in the Private VLAN are members of the primary VLAN.

• Secondary VLAN: Secondary VLANs are internal to a private VLAN domain, and are defined as follows:

  - Isolated VLAN: carries unidirectional traffic upstream from the host servers toward ports in the primary VLAN and the gateway. Each Private VLAN can contain only one Isolated VLAN.

  - Community VLAN: carries upstream traffic from ports in the community VLAN to other ports in the same community, and to ports in the primary VLAN and the gateway. Each Private VLAN can contain multiple community VLANs.

After you define the primary VLAN and one or more secondary VLANs, you map the secondary VLAN(s) to the primary VLAN.

Private VLAN ports

Private VLAN ports are defined as follows:

• Promiscuous: A promiscuous port is a port that belongs to the primary VLAN. The promiscuous port can communicate with all the interfaces, including ports in the secondary VLANs (Isolated VLAN and Community VLANs). Each promiscuous port can belong to only one Private VLAN.

• Isolated: An isolated port is a host port that belongs to an isolated VLAN. Each isolated port has complete Layer 2 separation from other ports within the same private VLAN (including other isolated ports), except for the promiscuous ports.

  - Traffic sent to an isolated port is blocked by the Private VLAN, except the traffic from promiscuous ports.

  - Traffic received from an isolated port is forwarded only to promiscuous ports.
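
The forwarding rules above can be checked against a planned port layout before it is configured. The following is an added example, not part of the Application Guide and not switch configuration: it models only the Layer 2 reachability rules stated on this page, and the port names, VLAN IDs and the may_forward/audit helpers are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ROLES = {"promiscuous", "isolated", "community"}

@dataclass(frozen=True)
class Port:
    name: str
    role: str
    secondary_vlan: Optional[int] = None  # unused for promiscuous ports

    def __post_init__(self):
        if self.role not in ROLES:
            raise ValueError(f"{self.name}: unknown role {self.role!r}")
        if self.role != "promiscuous" and self.secondary_vlan is None:
            raise ValueError(f"{self.name}: {self.role} port needs a secondary VLAN")

def may_forward(src: Port, dst: Port) -> bool:
    """True if Layer 2 traffic from src reaches dst inside one Private VLAN."""
    if src.name == dst.name:
        return False
    # Promiscuous ports talk to every port; every port can reach them.
    if "promiscuous" in (src.role, dst.role):
        return True
    # Community ports reach only members of the same community VLAN.
    if src.role == dst.role == "community":
        return src.secondary_vlan == dst.secondary_vlan
    # Isolated to isolated, and isolated to/from community, is blocked.
    return False

def audit(ports, must_not_talk):
    """Return the pairs in must_not_talk that the port plan still lets communicate."""
    by_name = {p.name: p for p in ports}
    return [(a, b) for a, b in must_not_talk
            if may_forward(by_name[a], by_name[b]) or may_forward(by_name[b], by_name[a])]

# Constructed port plan (names and VLAN IDs are illustrative).
PLAN = [
    Port("uplink", "promiscuous"),
    Port("web1", "community", 110),
    Port("web2", "community", 110),
    Port("db1", "community", 120),
    Port("tenantA", "isolated", 100),
    Port("tenantB", "isolated", 100),
]

if __name__ == "__main__":
    wanted = [("tenantA", "tenantB"), ("web1", "db1"), ("web1", "web2")]
    print(audit(PLAN, wanted))
```

Any pair returned by audit is a separation requirement the plan does not meet; here web1 and web2 share a community VLAN, so they are not isolated from each other.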