VLAN Management
Overview
255 Cisco 500 Series Stackable Managed Switch Administration Guide
14
Customer traffic is encapsulated with an S-tag with TPID 0x8100, regardless of
whether it was originally c-tagged or untagged. The S-tag enables this traffic to be
treated as an aggregate within a provider bridge network, where the bridging is
based on the S-tag VID (S-VID) only.
The S-Tag is preserved while traffic is forwarded through the network service
provider's infrastructure, and is later removed by an egress device.
An additional benefit of QinQ is that there is no need to configure customers' edge
devices.
QinQ is enabled in the VLAN Management > Interface Settings page.
Private VLAN
The Private VLAN feature provides layer-2 isolation between ports. This means
that at the level of bridging traffic, as opposed to IP routing, ports that share the
same Broadcast domain cannot communicate with each other. The ports in a
private VLAN can be located anywhere in the layer 2 network, meaning that they
do not have to be on the same switch. The private VLAN is designed to receive
untagged or priority-tagged traffic and transmit untagged traffic.
The following types of ports can be members in a private VLAN:
• Promiscuous—A promiscuous port can communicate with all ports of the
same private VLAN. These ports connect servers and routers.
• Community (host)—Community ports can define a group of ports that are
member in the same Layer 2 domain. They are isolated at Layer 2 from
other communities and from isolated ports. These ports connect host ports.
• Isolated (host)—An isolated port has complete Layer 2 isolation from the
other isolated and community ports within the same private VLAN. These
ports connect host ports.
The following types of private VLANs exist:
• Primary VLAN—The primary VLAN is used to enable Layer 2 connectivity
from promiscuous ports to isolated and to community ports. There can only
be a single primary VLAN per private VLAN.
• Isolated VLAN (also known as a Secondary VLAN)—An isolated VLAN is
used to enable isolated ports to send traffic to the primary VLAN. There can
only be a single, isolated VLAN per private VLAN.
• Community VLAN (also known as a Secondary VLAN)—To create a sub-
group of ports (community) within a VLAN, the ports must be added a
To Next Page
Loading...
Need help?
General
