Configuration Example; Private Vlan Example For Internet Access Using An Avaya Ethernet Routing Switch 4500 Series - Avaya 4500 Configuration Manual

2. Configuration Example

2.1 Private VLAN Example for Internet Access using an
Avaya Ethernet Routing Switch 4500 Series
The following configuration example details the configuration of an Ethernet Routing Switch 4550T-PWR
(4550T-1) for Private VLAN Edge in a L2 broadcast domain. After proper configuration, all end-user
traffic, both unicast and non-unicast, from ports 21 through 26 will be forwarded only to port 27 where the
Secure Router is connected. The Secure Router will provide DHCP, firewall, and NAT/PAT services.
Note that any ERS 4500 or 5000 series Ethernet Routing Switch can be used in this scenario.
For this example:

Configure 4550T-1 as follows:
o
Add data VLAN 1000 with port members 21 to 27
o
Add a policy with an Interface action extension to force all traffic from ports 21 to 26 to
uplink port 27
o
All ports are untagged

Configure Secure Router 1001 as follows:
o
Add a DHCP scope (192.168.96.21-254) for the end users
o
Enable PAT between Eth0 and Eth1 using the internal firewall
In this example, the Secure Router is configured with Firewall to perform NAT/PAT
functionality. The Secure Router in this case will not forward traffic between the end
users. If you are using a router without firewall capability, it is suggested to add a filter

on the router to drop traffic on the local end user subnet to prevent the users from
communicating with each other via the router. For example, if using the local subnet as
illustrated in the drawing above, create a filter on the router to drop traffic with a
destination address of 192.168.96.0/24 applied to interface Eth0.
July 2010
Private VLAN Edge Technical Configuration Guide
avaya.com
7