Netgear M4100-26G CLI Manual - Page 68
Private VLAN, switchport private-vlan
View all Netgear M4100-26G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 68 highlights
ProSafe M4100 and M7100 Managed Switches Private VLAN The Private VLANs feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN. The secondary VLAN ID differentiates subdomains from each other and provides Layer 2 isolation between ports of the same private VLAN. The types of VLANs within a private VLAN are as follows: • Primary VLAN-Forwards the traffic from the promiscuous ports to isolated ports, community ports, and other promiscuous ports in the same private VLAN. Only one primary VLAN can be configured per private VLAN. All ports within a private VLAN share primary VLAN. • Isolated VLAN-A secondary VLAN that carries traffic from isolated ports to promiscuous ports. Only one isolated VLAN can be configured per private VLAN. • Community VLAN-A secondary VLAN that forwards traffic between ports that belong to the same community and the promiscuous ports. There can be multiple community VLANs per private VLAN. Three types of port designations exist within a private VLAN: • Promiscuous Ports-An endpoint connected to a promiscuous port is allowed to communicate with any endpoint within the private VLAN. Multiple promiscuous ports can be defined for a single private VLAN domain. • Isolated Ports-An endpoint connected to an isolated port is allowed to communicate with endpoints connected to promiscuous ports only. Endpoints connected to adjacent isolated ports cannot communicate with each other. • Community Ports-An endpoint connected to a community port is allowed to communicate with the endpoints within a community and with any configured promiscuous port. The endpoints that belong to one community cannot communicate with endpoints that belong to a different community or with endpoints connected to isolated ports. The Private VLANs can be extended across multiple switches through inter-switch/stack links that transport primary, community, and isolated VLANs between devices. switchport private-vlan This command is used to define a private-VLAN association for an isolated or community port or a mapping for a promiscuous port. Format Mode switchport private-vlan {host-association | mapping {add | remove} } Interface Config Switching Commands 68