Copyright © 2010, Juniper Networks, Inc.
Figure 35: PVLAN Spanning Multiple Switches
[Figure labels, Switch 1: PVLAN Ethernet Switch Ports; VLAN 100; VLAN 200 (Isolated Domain: Mail server, Backup server); VLAN 300 (Finance Community); VLAN 400 (HR Community); "Contains VLAN 100, VLAN 200, VLAN 300, and VLAN 400."]
PVLANs can have the following types of switch ports:
Promiscuous port—An upstream (trunk) port that is connected to the routers or shared
resources. These ports have Layer 2 connectivity to all the other ports on the switch,
including the isolated ports.
Community port—An access port that belongs to a community. These ports have Layer
2 connectivity with other ports in the same community.
Isolated port—An access port that is isolated from the other ports on the switch. Isolated
ports have Layer 2 connectivity only with promiscuous ports and PVLAN trunk ports.
An isolated port cannot communicate with another isolated port even if they are
members of the same isolated VLAN (or inter-switch isolated VLAN) domain. Typically,
a server (such as a mail server or a backup server) is connected on this type of port.
PVLAN trunk port—A trunk port that connects two switches when a PVLAN is configured
spanning those switches. The PVLAN trunk port is a member of all the VLANs within
the PVLAN (that is, the primary VLAN, the community VLANs, and the inter-switch
isolated VLAN). It can communicate with all ports other than the isolated ports.
The membership of the PVLAN trunk port in the inter-switch isolated VLAN is
"egress-only". Incoming traffic on the PVLAN trunk port will never get assigned to the
inter-switch isolated VLAN. The communication between a PVLAN trunk port and an
Chapter 63: Bridging and VLANs—Overview
[Figure 35 labels, Switch 2: PVLAN Trunk; Router; VLAN 200 (Isolated Domain: CVS server); VLAN 300 (Finance Community); VLAN 400 (HR Community)]
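The port-type rules above can be turned into a segmentation check. The following Python sketch is an added example, not Juniper code: it models which port may forward frames to which, then audits a port inventory against pairs that must stay separated. The port names and the inventory are constructed, and treating PVLAN trunk to isolated port traffic as one-way (isolated to trunk only) is an assumption drawn from the "egress-only" statement.

```python
from itertools import permutations

# Constructed inventory for one switch, loosely following the labels in Figure 35.
# name -> (port type, community name or None)
PORTS = {
    "router-uplink": ("promiscuous", None),
    "finance-1": ("community", "finance"),
    "finance-2": ("community", "finance"),
    "hr-1": ("community", "hr"),
    "mail-server": ("isolated", None),
    "backup-server": ("isolated", None),
    "to-switch-2": ("pvlan-trunk", None),
}


def l2_allowed(src, dst):
    """Return True if a frame entering on port `src` may leave on port `dst`."""
    (s_type, s_comm), (d_type, d_comm) = src, dst
    if "promiscuous" in (s_type, d_type):
        return True  # promiscuous ports reach every port, isolated ones included
    if s_type == "isolated":
        # Isolated ports reach only promiscuous and PVLAN trunk ports.
        return d_type == "pvlan-trunk"
    if d_type == "isolated":
        # Community ports never reach isolated ports. Trunk -> isolated is
        # denied here as well (assumed one-way reading of "egress-only").
        return False
    if s_type == d_type == "community":
        return s_comm == d_comm  # same community only
    return True  # trunk <-> community and trunk <-> trunk


def allowed_flows(ports):
    """All ordered (src, dst) port-name pairs the port roles permit."""
    return {(a, b) for a, b in permutations(ports, 2)
            if l2_allowed(ports[a], ports[b])}


def audit(ports, must_not_talk):
    """Return the pairs from `must_not_talk` that the port roles still allow."""
    flows = allowed_flows(ports)
    return sorted(p for p in must_not_talk if p in flows or p[::-1] in flows)
```

Running `audit` with a server mistakenly assigned to a community instead of an isolated port returns that pair as a finding, which is the misconfiguration this model is meant to catch.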