Private Vlan - TP-Link T1700X-16TS User Manual

Configuration Procedure

Configure switch A

Step Operation
1 Create VLAN10
2 Create VLAN20
Configure switch B

Step Operation
1 Create VLAN10
2 Create VLAN20
3 Create Protocol
Template
4 Create Protocol
VLAN 10
5 Create Protocol
VLAN 20

6.7 Private VLAN

Private VLANs, designed to save VLAN resources of uplink devices and decrease broadcast, are
sets of VLAN pairs that share a common primary identifier. To guarantee user information security,
the ease with which to manage and account traffic for service providers, in campus network,
service providers usually require that each individual user is Layer-2 separated. VLAN feature can
solve this problem. However, as stipulated by IEEE 802.1Q protocol, a device can only support up
to 4094 VLANs. If a service provider assigns one VLAN per user, the VLANs will be far from
enough; as a result, the number of users this service provider can support is limited.
Private VLAN adopts Layer 2 VLAN structure. A Private VLAN consists of a Primary VLAN and a
Secondary VLAN, providing a mechanism for achieving layer-2-separation between ports. For
uplink devices, all the packets received from the downstream are without VLAN tags. Uplink
devices need to identify Primary VLANs but not Secondary VLANs. Therefore, they can save
VLAN resources without considering the VLAN configuration in the lower layer. Meanwhile, the
service provider can assign each user an individual Secondary VLAN, so that users are separated
at the Layer 2 level.
Description
Required. On VLAN→802.1Q VLAN→VLAN Config page, create a
VLAN with its VLAN ID as 10, owning Port 12 and Port 13, and
configure the egress rule of Port 12 as Untagged and Port 13 as
Tagged.
Required. On VLAN→802.1Q VLAN→VLAN Config page, create a
VLAN with its VLAN ID as 20, owning Port 11 and Port 12, and
configure the egress rule of Port 11 as Tagged Port 12 as Untagged.
Description
Required. On VLAN→802.1Q VLAN→VLAN Config page, create a
VLAN with its VLAN ID as 10, owning Port 3 and Port 4, and configure
the egress rule of Port 3 as Untagged and Port 4 as Tagged.
Required. On VLAN→802.1Q VLAN→VLAN Config page, create a
VLAN with its VLAN ID as 20, owning Port 3 and Port 5, and configure
the egress rule of Port 3 as Untagged and Port 5 as Tagged.
Required. On VLAN→Protocol VLAN→Protocol Template page,
configure the protocol template practically. E.g. the Ether Type of IP
network packets is 0800 and that of AppleTalk network packets is 809B.
On VLAN→Protocol VLAN→Protocol Group page, create protocol
VLAN 10 with Protocol as IP. Select and enable Port 3, Port 4 and Port
5 for Protocol VLAN feature.
On VLAN→Protocol VLAN→Protocol Group page, create protocol
VLAN 20 with Protocol as AppleTalk. Select and enable Port 3, Port 4
and Port 5 for Protocol VLAN feature.
75