Table of Contents
Advertisement
Related
Documentation
Understanding Private VLANs on EX Series Switches
Copyright © 2010, Juniper Networks, Inc.
To learn more about configuring routing protocols and policies, see the Junos OS Routing
Protocols Configuration Guide at
http://www.juniper.net/techpubs/software/junos/index.html
Understanding Layer 2 Protocol Tunneling on EX Series Switches on page 1299
Understanding Multiple VLAN Registration Protocol (MVRP) on EX Series Switches
on page 1296
Example: Setting Up Basic Bridging and a VLAN for an EX Series Switch on page 1305
Example: Setting Up Bridging with Multiple VLANs for EX Series Switches on page 1312
Example: Configure Automatic VLAN Administration Using GVRP on page 1329
Example: Connecting an Access Switch to a Distribution Switch on page 1320
The private VLAN (PVLAN) feature on Juniper Networks EX Series Ethernet Switches
allows an administrator to split a broadcast domain into multiple isolated broadcast
subdomains, essentially putting a VLAN inside a VLAN. Just like regular VLANs, PVLANs
are isolated on Layer 2 and require that a Layer 3 device be used to route traffic among
them. Private VLANs are useful for restricting the flow of broadcast and unknown unicast
traffic and for limiting the communication between known hosts.
NOTE: Configuring a voice over IP (VoIP) VLAN on PVLAN interfaces is not
supported.
In a private VLAN, one VLAN is designated the primary VLAN, and other VLANs are nested
inside that VLAN as secondary VLANs.
Primary—A VLAN used to forward frames downstream to isolated and community
VLANs.
Isolated—A secondary VLAN that receives packets only from the primary VLAN and
forwards frames upstream to the primary VLAN.
Community—A secondary VLAN that transports frames among community interfaces
within the same community and forwards frames upstream to the primary VLAN.
Private VLANs provide IP address conservation and efficient allocation of those IP
addresses. In a typical network, VLANs usually correspond to a single IP subnet. In private
VLANs, the hosts in all the secondary VLANs still belong to the same IP subnet as the
subnet allocated to the primary VLAN. Hosts within the secondary VLAN are numbered
out of IP subnets associated with the primary VLAN, and their IP subnet masking
information reflects that of the primary VLAN subnet. Any primary routed VLAN interfaces
(RVIs) perform functions similar to proxy ARP to enable communication between hosts
that are members of a different secondary VLAN.
Chapter 57: Bridging and VLANs—Overview
.
1289
Advertisement
Chapters
Table of Contents
Troubleshooting
