UMN:CLI User Manual
V5808
8.1.10 Layer 2 Isolation
Private VLAN is a LAN security function used by Cisco products, and it is classified
into Private VLAN and Private VLAN edge. Currently, there is no standard for it.
Private VLAN Edge
Private VLAN edge (protected port) is a function local to a single switch. That is, it does
not work between protected ports on two different switches. A protected port cannot
transmit any traffic to other protected ports.
Private VLAN
Private VLAN provides L2 isolation between ports within the same broadcast domain. That
means another VLAN is created within a VLAN. There are three types of port mode.
• Promiscuous: A promiscuous port can communicate with all interfaces, including the
isolated and community ports within a PVLAN.
• Isolated: An isolated port has complete Layer 2 separation from the other ports within
the same PVLAN, but not from the promiscuous ports. PVLANs block all traffic to
isolated ports except traffic from promiscuous ports. Traffic from an isolated port is
forwarded only to promiscuous ports.
• Community: Community ports communicate among themselves and with their
promiscuous ports. These interfaces are separated at Layer 2 from all other interfaces in
other communities or isolated ports within their PVLAN.
The difference between Private VLAN and Private VLAN edge is that PVLAN edge
secures the ports in a VLAN by using protected ports, while PVLAN secures ports by
creating sub-VLANs of the three types (Promiscuous, Isolated, and Community).
Because PVLAN edge works only on the local switch, isolation between two switches
is impossible.
The V5808 provides a Private VLAN function similar to the Private VLAN edge of Cisco
products. Because it does not create any sub-VLAN, port security is provided by port
isolation. To configure Private VLAN on the V5808 switch, refer to the Port Isolation
configuration.
8.1.10.1 Port Isolation
The Port Isolation feature restricts L2 switching between isolated ports in a VLAN.
However, flows between an isolated port and a non-isolated port are not restricted. If
you use the port protected command, packets cannot be transmitted between protected
ports. Communication with non-protected ports, however, remains possible.
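The forwarding rule above, together with the earlier point that protected-port isolation is local to one switch, can be modelled as follows. This is an added example, not code from the manual or the V5808 software; the two-switch topology, port numbers and function names are constructed for illustration, and all ports are assumed to be in one VLAN.

```python
# Constructed topology (an assumption, not from the manual): two switches in
# one VLAN. Value True means `port protected` is applied to that port.
from itertools import combinations

PORTS = {
    ("sw1", 1): True,   # host A
    ("sw1", 2): True,   # host B
    ("sw1", 3): False,  # server
    ("sw1", 8): False,  # uplink to sw2
    ("sw2", 1): True,   # host C
    ("sw2", 8): False,  # uplink to sw1
}
LINKS = [(("sw1", 8), ("sw2", 8))]  # cable between the two uplinks


def local_forward(ingress, egress, ports=PORTS):
    """Per-switch rule from the text: only protected-to-protected is blocked."""
    same_switch = ingress[0] == egress[0] and ingress != egress
    return same_switch and not (ports[ingress] and ports[egress])


def reachable(src, dst, ports=PORTS, links=LINKS):
    """Can a frame entering at port src leave at port dst, crossing links?"""
    wire = dict(links)
    wire.update((b, a) for a, b in links)
    seen, todo = {src}, [src]
    while todo:
        ingress = todo.pop()
        for egress in ports:
            if not local_forward(ingress, egress, ports):
                continue
            if egress == dst:
                return True
            peer = wire.get(egress)  # frame re-enters on the far switch
            if peer is not None and peer not in seen:
                seen.add(peer)
                todo.append(peer)
    return False


def leaking_protected_pairs(ports=PORTS, links=LINKS):
    """Protected port pairs that can still exchange L2 frames."""
    protected = sorted(p for p, is_protected in ports.items() if is_protected)
    return [(a, b) for a, b in combinations(protected, 2)
            if reachable(a, b, ports, links)]
```

In this model hosts A and B on the same switch are isolated from each other, but each can still reach host C, because the frame enters the second switch on a non-protected uplink.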
To configure Port Isolation, use the following command.
no port protected [PORTS]