VLAN Management
224 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
• Community (host)—Community ports define a group of ports that are members of 
the same Layer 2 domain. They are isolated at Layer 2 from other communities and 
from isolated ports. These ports connect host ports.
• Isolated (host)—An isolated port has complete Layer 2 isolation from the other 
isolated and community ports within the same private VLAN. These ports connect host 
ports.
The following types of private VLANs exist:
• Primary VLAN—The primary VLAN is used to enable Layer 2 connectivity from 
promiscuous ports to isolated and to community ports. There can only be a single 
primary VLAN per private VLAN.
• Isolated VLAN (also known as a Secondary VLAN)—An isolated VLAN is used to 
enable isolated ports to send traffic to the primary VLAN. There can only be a single 
isolated VLAN per private VLAN. 
• Community VLAN (also known as a Secondary VLAN)—To create a sub-group of 
ports (community) within a VLAN, the ports must be added to a community VLAN. The 
community VLAN is used to enable Layer 2 connectivity from community ports to 
promiscuous ports and to community ports of the same community. There can be a 
single community VLAN for each community, and multiple community VLANs can 
coexist in the system for the same private VLAN. 
See Figure 1 and Figure 2 for samples of how these VLANs are used.
Host traffic is sent on isolated and community VLANs, while server and router traffic is sent 
on the primary VLAN.
Shared MAC address learning exists between all the VLANs that are members of the same 
private VLAN (although the switch supports independent VLAN learning). This enables 
Unicast traffic, despite the fact that host MAC addresses are learned by isolated and 
community VLANs, while routers and server MAC addresses are learned by the primary 
VLAN.
A private VLAN port can only be added to one private VLAN. Other port types, such as 
access or trunk ports, can be added to the individual VLANs that make up the private VLAN 
(since they are regular 802.1Q VLANs). 
A private VLAN can be configured to span across multiple switches by setting inter-switch 
ports as trunk ports and adding them to all VLANs in the private VLAN. Inter-switch trunk 
ports send and receive tagged traffic of the private VLAN’s various VLANs (primary, isolated 
and the communities).
The switch supports 16 primary VLANs and 256 secondary VLANs.
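
The following Python model is an added example, not part of the Cisco guide or the switch software. It checks a planned private VLAN layout against the constraints above and answers whether two ports can reach each other at Layer 2. All class, function, port and VLAN names are hypothetical, and the sample layout is constructed.

```python
from __future__ import annotations
from dataclasses import dataclass, field
MAX_PRIMARY, MAX_SECONDARY = 16, 256   # switch limits stated in the text

@dataclass
class PrivateVlan:                     # one primary, at most one isolated VLAN
    primary: int
    isolated: int | None = None
    communities: set[int] = field(default_factory=set)

@dataclass(frozen=True)
class Port:
    name: str
    primary: int                       # private VLAN, keyed by its primary VLAN ID
    role: str                          # "promiscuous", "isolated" or "community"
    community: int | None = None       # community VLAN ID (community ports only)

def validate(pvlans: list[PrivateVlan], ports: list[Port]) -> list[str]:
    """Return violations of the constraints described in the text."""
    errors, known, seen = [], {p.primary: p for p in pvlans}, set()
    if len(pvlans) > MAX_PRIMARY:
        errors.append("more than 16 primary VLANs")
    if sum(len(p.communities) + (p.isolated is not None) for p in pvlans) > MAX_SECONDARY:
        errors.append("more than 256 secondary VLANs")
    for port in ports:
        pv = known.get(port.primary)
        if port.name in seen:
            errors.append(f"{port.name}: added to more than one private VLAN")
        elif pv is None:
            errors.append(f"{port.name}: unknown private VLAN {port.primary}")
        elif port.role == "isolated" and pv.isolated is None:
            errors.append(f"{port.name}: private VLAN has no isolated VLAN")
        elif port.role == "community" and port.community not in pv.communities:
            errors.append(f"{port.name}: community VLAN {port.community} not defined")
        seen.add(port.name)
    return errors

def can_talk(a: Port, b: Port) -> bool:
    """Layer 2 reachability between two private VLAN ports."""
    if a.primary != b.primary:
        return False                   # model assumption: no L2 path across private VLANs
    if "promiscuous" in (a.role, b.role):
        return True                    # primary VLAN reaches isolated and community ports
    return a.role == b.role == "community" and a.community == b.community

# Constructed sample: VLAN IDs and port names are illustrative only.
PVLANS = [PrivateVlan(primary=100, isolated=101, communities={102, 103})]
PORTS = {p.name: p for p in [
    Port("gi1", 100, "promiscuous"), Port("gi2", 100, "isolated"),
    Port("gi3", 100, "isolated"), Port("gi4", 100, "community", 102),
    Port("gi5", 100, "community", 102), Port("gi6", 100, "community", 103)]}
```

Running can_talk over every port pair of a planned layout gives a segmentation matrix that can be compared with the intended isolation policy before the switch is configured.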