Siemens S323 User Manual
UMN:CLI User Manual
SURPASS hiD 6615 S223/S323 R1.5
186 A50010-Y3-C150-2-7619
•
DT and HTLS cannot be configured at the same time. (If switch should operate as
DT, HTSL has to be disabled.)
•
TPID value of all ports on switch is same.
•
Access Port should be configured as Untagged, and Uplink port as Tagged.
•
Ignore all tag information of port which comes from untagged port (Access Port).
•
Port with DT function should be able to configure Jumbo function also
8.1.8.3 TPID
Configuration
TPID (Tag Protocol Identifier) is a kind of Tag protocol, and it indicates the currently used
tag information. User can change the TPID. By default the port which is configured as
802.1q (0x8100) cannot work as VLAN member.
tag information. User can change the TPID. By default the port which is configured as
802.1q (0x8100) cannot work as VLAN member.
Use the following command to set TPID on a QinQ port.
Command Mode
Description
vlan dot1q-tunnel tpid
TPID Bridge
Configures
TPID.
8.1.9
Layer 2 Isolation
Private VLAN is a kind of LAN Security function using by Cisco products, and it can be
classified to Private VLAN and Private edge. Until now, there is no standard document of
it.
classified to Private VLAN and Private edge. Until now, there is no standard document of
it.
Private VLAN Edge
Private VLAN edge (protected port) is a function in local switch. That is, it cannot work on
between two different switches with protected ports. A protected port cannot transmit any
traffic to other protected ports.
between two different switches with protected ports. A protected port cannot transmit any
traffic to other protected ports.
Private VLAN
Private VLAN provides L2 isolation within the same Broadcast Domain ports. That means
another VLAN is created within a VLAN. There are three type of VLAN mode.
•
another VLAN is created within a VLAN. There are three type of VLAN mode.
•
Promiscuous
: A promiscuous port can communicate with all interfaces, including the
isolated and community ports within a PVLAN.
•
Isolated
: An isolated port has complete Layer 2 separation from the other ports within
the same PVLAN, but not from the promiscuous ports. PVLANs block all traffic to iso-
lated ports except traffic from promiscuous ports. Traffic from isolated port is for
warded only promiscuous ports.
•
Community
: Community ports communicate among themselves and with their pro-
miscuous ports. These interfaces separate at Layer 2 from all other interfaces in-
other communities or isolated ports within their PVLAN.
The difference between Private VLAN and Private VLAN edge is that PVLAN edge guar-
antees security for the ports in a VLAN using protected port and PVLAN guarantees port
security by creating sub-VLAN with the three types (Promiscuous, Isolation, and Commu-
nity). And because PVLAN edge can work on local switch, the isolation between two
switches is impossible.
antees security for the ports in a VLAN using protected port and PVLAN guarantees port
security by creating sub-VLAN with the three types (Promiscuous, Isolation, and Commu-
nity). And because PVLAN edge can work on local switch, the isolation between two
switches is impossible.
The hiD 6615 S223/S323 provides Private VLAN function like Private VLAN edge of
Cisco product. Because it does not create any sub-VLAN, port security is provided by port
Cisco product. Because it does not create any sub-VLAN, port security is provided by port