ZyXEL Communications MES3500-24F 用户手册
MES3500-24/24F User’s Guide
262
C
H A P T E R
3 3
Private VLAN
This chapter shows you how to configure the Switch to prevent communications between ports in a
VLAN.
VLAN.
33.1 Private VLAN Overview
Private VLAN allows you to do port isolation within a VLAN in a simple way. If you enable a private
VLAN rule for a VLAN on the Switch, the Switch automatically adds all ports (except the uplink
port(s)) in this VLAN to the isolated port list and blocks traffic between the isolated ports. The
uplink ports (25 to 28) are always in the promiscuous port list. A promiscuous port can
communicate with any port in the same VLAN. An isolated port can communicate with the
promiscuous port(s) only.
VLAN rule for a VLAN on the Switch, the Switch automatically adds all ports (except the uplink
port(s)) in this VLAN to the isolated port list and blocks traffic between the isolated ports. The
uplink ports (25 to 28) are always in the promiscuous port list. A promiscuous port can
communicate with any port in the same VLAN. An isolated port can communicate with the
promiscuous port(s) only.
Note: You can have up to one private VLAN rule for each VLAN.
In the following example, ports 1, 2, 3 and 25 belong to VLAN 123. You configure and enable
private VLAN for VLAN 123 on the Switch. Then ports 1, 2 and/or 3 cannot send traffic to each
other, but they all can talk to the uplink port 25.
private VLAN for VLAN 123 on the Switch. Then ports 1, 2 and/or 3 cannot send traffic to each
other, but they all can talk to the uplink port 25.
Figure 147
Private VLAN Example
Note: Make sure you keep at least one port in the promiscuous port list for a VLAN with
private VLAN enabled. Otherwise, this VLAN is blocked from the whole network.
Isolated ports: 1 ~ 3
Promiscuous port: 25
Promiscuous port: 25
VLAN 123
2
3
25