Configuring VLANs Using Private VLANs
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 4-16
• Isolated VLAN—In an Isolated VLAN, all hosts connected to a member port are Isolated at Layer 2.
They can communicate only with the promiscuous port of the Primary VLAN. There can be only one
Isolated VLAN within one Primary VLAN.
• Community VLAN—A Community VLAN is associated to a group of ports that connect to a certain
“community” of end devices with mutual trust relationships. Any switch port associated with a
common Community VLAN can communicate with each other and with the promiscuous ports of the
Primary VLAN but not with any other Secondary VLAN. There can be multiple distinct Community
VLANs within one Primary VLAN.
Private VLAN Ports
The ports with respect to PVLANs have different characteristics. The PVLAN port types are:
• PVLAN Isolated Port—An isolated port cannot communicate with any other port in the PVLAN
except for promiscuous ports. This is a physical port or link aggregation port that is associated with an
Isolated Secondary VLAN at the port level.
• PVLAN Community Port—A community port can only communicate with a promiscuous port and
other ports that are part of the same Community VLAN in the same Primary VLAN. This is a physical
port or link aggregation port that is associated with only one Community Secondary VLAN at the port
level.
• PVLAN Promiscuous Port—The promiscuous port can communicate with all the isolated ports and
community ports in the Primary VLAN. This is a physical port or link aggregation that is associated
with only one Primary VLAN at the port level.
• PVLAN ISL Port—An inter-switch link port that extends a PVLAN domain across different switches
by connecting Primary VLANs that belong to the same PVLAN domain. The ISL port carries both
non-PVLAN traffic and Primary VLAN traffic between switches.
Quick Steps for Configuring PVLANs
The following steps provide a quick tutorial that creates a PVLAN. Also included are steps to define a
Secondary VLAN for the PVLAN and assign ports to the PVLAN.
1 Create a PVLAN. Creating a PVLAN involves specifying a VLAN ID that is not already assigned to
an existing VLAN. The specified VLAN ID will become the Primary VLAN for the PVLAN. For
example, to create PVLAN 200 with the name “Corporate PVLAN” enter:
-> pvlan 200 name “Corporate PVLAN”
2 Enable the administrative state of PVLAN 200 by entering:
-> pvlan 200 admin-state enable
3 Create a Secondary VLAN and associate it to the Primary VLAN. Creating a Secondary VLAN
involves specifying a VLAN ID that is not already assigned to an existing VLAN. The Secondary VLAN
can be an Isolated VLAN or a Community VLAN depending on network requirements. For example, to
create Isolated VLAN 250 and Community VLAN 251 and associate them to Primary VLAN 200, enter:
-> pvlan 200 secondary 250 type isolated
-> pvlan 200 secondary 251 type community
To Next Page
Loading...
