Home » TP-Link Manuals » Hubs & Switches » TP-Link T1700X-16TS » Manual Viewer

TP-Link T1700X-16TS T1700X-16TSUN V1 User Guide - Page 91

The Elements of a Private VLAN

View all TP-Link T1700X-16TS manuals

Add to My Manuals
Save this manual to your list of manuals

Page 91 highlights

Private VLAN technology is mainly used in campus or enterprise networks to achieve user Layer-2-separation and to save VLAN resources of uplink devices.  The Elements of a Private VLAN Promiscuous port: A promiscuous port connects to and communicates with the uplink device. The PVID of the promiscuous port is the same with the Primary VLAN ID. One promiscuous port can only join to one Primary VLAN. Host port: A host port connects to and communicates with terminal device. The PVID of the host port is the same as the Secondary VLAN ID. One host port can only belong to one Private VLAN. Primary VLAN: A Private VLAN has one Primary VLAN and one Secondary VLAN. Primary VLAN is the user VLAN uplink device can identify, but it is not the actual VLAN the end user is in. Every port in a private VLAN is a member of the primary VLAN. The primary VLAN carries unidirectional traffic downstream from the promiscuous ports to the host ports and to other promiscuous ports. Secondary VLAN: .Secondary VLAN is the actual VLAN the end user is in. Secondary VLANs are associated with a primary VLAN, and are used to carry traffic from hosts to uplink devices. There are two types of secondary VLANS:  Isolated VLAN－Members in an isolated VLAN are isolated with each other. Each isolated VLAN must bind to a primary VLAN.  Community VLAN－Members in a community VLAN can communicate with each other directly. Each community VLAN must bind to a primary VLAN.  Features of Private VLAN 1. A Private VLAN contains one Primary VLAN and one Secondary VLAN. 2. A VLAN cannot be set as the Primary VLAN and Secondary VLAN simultaneously. 3. A Secondary VLAN can only join one private VLAN. 4. A Primary VLAN can be associated with multi-Secondary VLANs to create multi-Private VLANs.  Private VLAN Implementation To hide Secondary VLANs from uplink devices and save VLAN resources, Private VLAN containing one Primary VLAN and one Secondary VLAN requires the following characteristics:  Packets from different Secondary VLANs can be forwarded to the uplink device via promiscuous port and carry no corresponding Secondary VLAN information.  Packets from Primary VLANs can be sent to end users via host port and carry no Primary VLAN information. Private VLAN functions are implemented on the PVLAN Config and Port Config pages. 80

Section	Page
Package Contents	12
Chapter 1 About this Guide	13
1.1 Intended Readers	13
1.2 Conventions	13
1.3 Overview of This Guide	13
Chapter 2 Introduction	17
2.1 Overview of the Switch	17
2.2 Appearance Description	17
2.2.1 Front Panel	17
2.2.2 Rear Panel	18
Chapter 3 Login to the Switch	20
3.1 Login	20
3.2 Configuration	21
Chapter 4 System	22
4.1 System Info	22
4.1.1 System Summary	22
4.1.2 Device Description	23
4.1.3 System Time	24
4.1.4 Daylight Saving Time	25
4.1.5 System IPv6	26
4.2 User Management	35
4.2.1 User Table	35
4.2.2 User Config	35
4.3 System Tools	36
4.3.1 Boot Config	37
4.3.2 Config Restore	38
4.3.3 Config Backup	38
4.3.4 Firmware Upgrade	39
4.3.5 System Reboot	40
4.3.6 System Reset	40
4.4 Access Security	41
4.4.1 Access Control	41
4.4.2 HTTP Config	42
4.4.3 HTTPS Config	43
4.4.4 SSH Config	45
4.4.5 Telnet Config	52
Chapter 5 Switching	53
5.1 Port	53
5.1.1 Port Config	53
5.1.2 Port Mirror	54
5.1.3 Port Security	56
5.1.4 Port Isolation	58
5.1.5 Loopback Detection	59
5.2 LAG	61
5.2.1 LAG Table	62
5.2.2 Static LAG	63
5.2.3 LACP Config	64
5.3 Traffic Monitor	66
5.3.1 Traffic Summary	66
5.3.2 Traffic Statistics	67
5.4 MAC Address	68
5.4.1 Address Table	69
5.4.2 Static Address	70
5.4.3 Dynamic Address	72
5.4.4 Filtering Address	73
Chapter 6 VLAN	75
6.1 802.1Q VLAN	76
6.1.1 VLAN Config	77
6.1.2 Port Config	78
6.2 Application Example for 802.1Q VLAN	80
6.3 MAC VLAN	81
6.3.1 MAC VLAN	82
6.3.2 Port Enable	82
6.4 Application Example for MAC VLAN	83
6.5 Protocol VLAN	85
6.5.1 Protocol Group Table	86
6.5.2 Protocol Group	86
6.5.3 Protocol Template	87
6.6 Application Example for Protocol VLAN	89
6.7 Private VLAN	90
6.7.1 PVLAN Config	92
6.7.2 Port Config	93
6.8 Application Example for Private VLAN	94
Chapter 7 Spanning Tree	97
7.1 STP Config	102
7.1.1 STP Config	102
7.1.2 STP Summary	104
7.2 Port Config	105
7.3 MSTP Instance	107
7.3.1 Region Config	107
7.3.2 Instance Config	107
7.3.3 Instance Port Config	108
7.4 STP Security	110
7.4.1 Port Protect	110
7.4.2 TC Protect	113
7.5 Application Example for STP Function	113
Chapter 8 Multicast	118
8.1 IGMP Snooping	122
8.1.1 Snooping Config	124
8.1.2 Port Config	125
8.1.3 VLAN Config	126
8.1.4 Multicast VLAN	127
8.1.5 Querier Config	130
8.1.6 Profile Config	132
8.1.7 Profile Binding	133
8.1.8 Packet Statistics	135
8.2 MLD Snooping	136
8.2.1 Snooping Config	138
8.2.2 Port Config	139
8.2.3 VLAN Config	140
8.2.4 Multicast VLAN	141
8.2.5 Querier Config	143
8.2.6 Profile Config	144
8.2.7 Profile Binding	146
8.2.8 Packet Statistics	148
8.3 Multicast Table	149
8.3.1 IPv4 Multicast Table	149
8.3.2 Static IPv4 Multicast Table	150
8.3.3 IPv6 Multicast Table	151
8.3.4 Static IPv6 Multicast Table	152
Chapter 9 Routing	154
9.1 Interface	154
9.2 Routing Table	157
9.3 Static Routing	158
9.4 ARP	159
9.4.1 ARP Table	159
9.4.2 Static ARP	159
Chapter 10 QoS	161
10.1 DiffServ	164
10.1.1 Port Priority	164
10.1.2 Schedule Mode	165
10.1.3 802.1P Priority	166
10.1.4 DSCP Priority	167
10.2 Bandwidth Control	169
10.2.1 Rate Limit	169
10.2.2 Storm Control	170
10.3 Voice VLAN	171
10.3.1 Global Config	173
10.3.2 Port Config	174
10.3.3 OUI Config	175
Chapter 11 ACL	178
11.1 ACL Config	178
11.1.1 ACL Summary	178
11.1.2 ACL Create	178
11.1.3 MAC ACL	179
11.1.4 Standard-IP ACL	180
11.1.5 Extend-IP ACL	181
11.2 Policy Config	182
11.2.1 Policy Summary	182
11.2.2 Policy Create	182
11.2.3 Action Create	183
11.3 ACL Binding	183
11.3.1 Binding Table	184
11.3.2 Port Binding	185
11.3.3 VLAN Binding	186
11.4 Policy Binding	186
11.4.1 Binding Table	187
11.4.2 Port Binding	188
11.4.3 VLAN Binding	189
11.5 Application Example for ACL	189
Chapter 12 Network Security	192
12.1 IP-MAC Binding	192
12.1.1 Binding Table	192
12.1.2 Manual Binding	193
12.1.3 ARP Scanning	195
12.2 DHCP Snooping	196
12.2.1 Global Config	200
12.2.2 Port Config	201
12.3 ARP Inspection	202
12.3.1 ARP Detect	206
12.3.2 ARP Defend	207
12.3.3 ARP Statistics	208
12.4 DoS Defend	209
12.4.1 DoS Defend	211
12.5 802.1X	211
12.5.1 Global Config	215
12.5.2 Port Config	217
12.5.3 RADIUS Config	218
Chapter 13 SNMP	220
13.1 SNMP Config	222
13.1.1 Global Config	222
13.1.2 SNMP View	223
13.1.3 SNMP Group	224
13.1.4 SNMP User	225
13.1.5 SNMP Community	227
13.2 Notification	229
13.3 RMON	231
13.3.1 Statistics	232
13.3.2 History	233
13.3.3 Event	234
13.3.4 Alarm	235
Chapter 14 LLDP	237
14.1 Basic Config	241
14.1.1 Global Config	241
14.1.2 Port Config	242
14.2 Device Info	243
14.2.1 Local Info	243
14.2.2 Neighbor Info	244
14.3 Device Statistics	245
14.4 LLDP-MED	247
14.4.1 Global Config	248
14.4.2 Port Config	248
14.4.3 Local Info	251
14.4.4 Neighbor Info	252
Chapter 15 Maintenance	253
15.1 System Monitor	253
15.1.1 CPU Monitor	253
15.1.2 Memory Monitor	254
15.2 Log	254
15.2.1 Log Table	255
15.2.2 Local Log	256
15.2.3 Remote Log	257
15.2.4 Backup Log	257
15.3 Device Diagnostics	258
15.3.1 Cable Test	258
15.4 Network Diagnostics	259
15.4.1 Ping	260
15.4.2 Tracert	260
Appendix A: Specifications	262

Match case Limit results 1 per page

Private VLAN technology is mainly used in campus or enterprise networks to achieve user

Layer-2-separation and to save VLAN resources of uplink devices.



The Elements of a Private VLAN

Promiscuous port:

A promiscuous port connects to and communicates with the uplink device.

The PVID of the promiscuous port is the same with the Primary VLAN ID. One promiscuous port

can only join to one Primary VLAN.

Host port:

A host port connects to and communicates with terminal device. The PVID of the host

port is the same as the Secondary VLAN ID. One host port can only belong to one Private VLAN.

Primary VLAN:

A Private VLAN has one Primary VLAN and one Secondary VLAN. Primary VLAN

is the user VLAN uplink device can identify, but it is not the actual VLAN the end user is in. Every

port in a private VLAN is a member of the primary VLAN. The primary VLAN carries unidirectional

traffic downstream from the promiscuous ports to the host ports and to other promiscuous ports.

Secondary VLAN:

.Secondary VLAN is the actual VLAN the end user is in. Secondary VLANs are

associated with a primary VLAN, and are used to carry traffic from hosts to uplink devices. There

are two types of secondary VLANS:



Isolated VLAN

－

Members in an isolated VLAN are isolated with each other. Each

isolated VLAN must bind to a primary VLAN.



Community VLAN

－

Members in a community VLAN can communicate with each other

directly. Each community VLAN must bind to a primary VLAN.



Features of Private VLAN

1. A Private VLAN contains one Primary VLAN and one Secondary VLAN.

2. A VLAN cannot be set as the Primary VLAN and Secondary VLAN simultaneously.

3. A Secondary VLAN can only join one private VLAN.

4. A Primary VLAN can be associated with multi-Secondary VLANs to create multi-Private

VLANs.



Private VLAN Implementation

To hide Secondary VLANs from uplink devices and save VLAN resources, Private VLAN

containing one Primary VLAN and one Secondary VLAN requires the following characteristics:



Packets from different Secondary VLANs can be forwarded to the uplink device via

promiscuous port and carry no corresponding Secondary VLAN information.



Packets from Primary VLANs can be sent to end users via host port and carry no Primary

VLAN information.

Private VLAN functions are implemented on the

PVLAN Config

and

Port Config

pages.