DES-7200 Configuration Guide Chapter 8 Private VLAN Configuration
8 Private VLAN Configuration
8.1 Private VLAN Technology
If a service provider assigns one VLAN to each subscriber, the number of
subscribers it can support is limited, because one device supports at most 4096
VLANs. In addition, on a layer 3 device each VLAN is assigned a subnet
address or a series of addresses, which wastes IP addresses. Private VLAN
was introduced to address these problems.
A private VLAN divides the layer 2 broadcast domain of a VLAN into several sub
domains. Each sub domain consists of a private VLAN pair: primary VLAN and
secondary VLAN.
A private VLAN domain can have multiple private VLAN pairs, and each VLAN
pair represents a sub domain. All the private VLAN pairs in one private VLAN
domain share a primary VLAN. Each sub domain has a different secondary
VLAN ID.
There is only one primary VLAN in each private VLAN domain. The secondary
VLAN is used for layer 2 separation in the same private VLAN domain. There
are two types of secondary VLANs:
• Isolated VLAN: Layer 2 communication is not possible between the ports in
the same isolated VLAN. There is only one isolated VLAN in a private VLAN
domain.
• Community VLAN: The ports in the same community VLAN can perform
layer 2 communication with each other, but not with the ports in other
community VLANs. There can be multiple community VLANs in a private VLAN
domain.
A promiscuous port is a port in the primary VLAN. It can communicate with any
port, including the isolated ports and community ports of the secondary VLANs
in the same private VLAN.
An isolated port is a port in the isolated VLAN. It can communicate only with
the promiscuous port. Packets received on an isolated port may be forwarded to
the Trunk Port, but packets in the isolated VLAN received on the Trunk Port
cannot be forwarded to an isolated port.
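The following added example (not part of the original guide, and not DES-7200 code) models the layer 2 rules described above so that a planned private VLAN domain can be checked for unintended reachability before it is deployed. The class names, VLAN IDs and port names are assumptions made for illustration; Trunk Port forwarding is not modelled.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    role: str            # "promiscuous", "isolated" or "community"
    secondary: int = 0   # secondary VLAN ID; ignored for promiscuous ports

@dataclass
class PvlanDomain:
    primary: int              # exactly one primary VLAN per domain
    isolated: Optional[int]   # at most one isolated VLAN per domain
    communities: set          # any number of community VLAN IDs
    ports: list

    def validate(self):
        """Return a list of violations of the private VLAN rules (empty if none)."""
        errors = []
        if self.primary in self.communities or self.primary == self.isolated:
            errors.append("primary VLAN reused as a secondary VLAN")
        if self.isolated in self.communities:
            errors.append("isolated VLAN reused as a community VLAN")
        for p in self.ports:
            if p.role == "isolated" and p.secondary != self.isolated:
                errors.append(f"{p.name}: not in the domain's single isolated VLAN")
            elif p.role == "community" and p.secondary not in self.communities:
                errors.append(f"{p.name}: unknown community VLAN {p.secondary}")
            elif p.role not in ("promiscuous", "isolated", "community"):
                errors.append(f"{p.name}: unknown role {p.role}")
        return errors

    def can_communicate(self, a, b):
        """Layer 2 reachability between two ports of this domain."""
        if "promiscuous" in (a.role, b.role):
            return True                        # promiscuous talks to any port
        if a.role == b.role == "community":
            return a.secondary == b.secondary  # same community VLAN only
        return False                           # isolated ports reach only promiscuous

    def allowed_pairs(self):
        """All port pairs that can exchange layer 2 traffic, for review."""
        return sorted((a.name, b.name) for a, b in combinations(self.ports, 2)
                      if self.can_communicate(a, b))

# Constructed sample: VLAN IDs and port names are invented for illustration.
SAMPLE = PvlanDomain(primary=100, isolated=101, communities={102, 103}, ports=[
    Port("uplink", "promiscuous"), Port("h1", "isolated", 101),
    Port("h2", "isolated", 101), Port("a1", "community", 102),
    Port("a2", "community", 102), Port("b1", "community", 103)])
```

Comparing SAMPLE.allowed_pairs() with the intended segmentation shows any pair of subscriber ports that would be able to reach each other directly at layer 2.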