Protecting the User; Using Private VLANs - Allied Telesis Layer 3 Switches Network Manual

Protecting the user

This section describes the following methods of protecting users from other users on the network:

"Using private VLANs" on page 18. This feature isolates switch ports in a VLAN from other switch ports in the same VLAN.

"Using local proxy ARP and MAC-forced forwarding" on page 19. These features force all traffic in a network to go via an access router.

"Using IPsec to make VPNs" on page 24. This feature creates secure tunnels through an insecure network.

"Protecting against worms" on page 25. These methods reduce the damage worms do to users of the network.

Using private VLANs

Private VLANs are an excellent way of preventing hosts on a subnet from attacking each other. Each switch port in the VLAN is isolated from the other ports in that VLAN, but can reach another network through an uplink port or uplink trunk group. All traffic between private ports is blocked, not just Layer 2 traffic: two hosts in the same subnet cannot even exchange unicast IP packets with each other through the switch, because the only path the switch offers them is the uplink.
Figure: a switch with an uplink port; a legitimate customer and a hacker sit on private ports of the same VLAN and are isolated from each other, while both can still reach the uplink.
Configuration

1. Create the VLAN, specifying that it is private.

2. Add the uplink port, or the ports in the uplink trunk group, to the VLAN. For a trunk group, the ports must already be trunked together, and you must specify all the ports in the trunk group. Note that on Rapier 48i and AT-8748XL switches, the uplink and private ports must be in the same switch instance. See the Switching chapter of the Software Reference for more information about switch instances.

3. Add the private ports to the VLAN.
Create A Secure Network With Allied Telesis Managed Layer 3 Switches
Private VLANs are reasonably flexible. A private port can be a member of multiple private VLANs. However, a port cannot be a private port in some VLANs and a non-private port in others.

On AT-8600, AT-8700XL, Rapier i and AT-8800 Series switches running 2.9.1 or later, each private VLAN can have multiple uplink ports. This allows you to use private VLANs on switches that are connected in a ring topology. Also, you can group private ports together on these switches, which allows the ports in a group to communicate with each other but not with other ports in the VLAN.

Note that ports are only isolated from ports on the same physical switch, not from ports on other switches reached through an uplink port. If two switches carrying the same private VLAN are joined through their uplinks, a host on one switch can still reach a host on the other; to control that traffic you need a measure that acts across switches, such as forcing all traffic through an access router (see "Using local proxy ARP and MAC-forced forwarding").
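As an added worked example covering both the three configuration steps above and the membership rules in this paragraph (this is not Allied Telesis code and does not appear in the original manual): a small Python helper that renders the steps as classic AlliedWare-style commands, rejects the memberships the text rules out, and answers whether the switch would forward between two ports. The command spelling (create vlan ... private, add vlan ... port ... uplink, and group= for private port groups) is an assumption about the CLI, not something this page states; check it against the Switching chapter of the Software Reference for your release before using the output.

```python
"""Private VLAN helper: renders the three configuration steps as
AlliedWare-style CLI lines and checks the membership rules the text states.
Added example, not Allied Telesis code.  ASSUMED (not on the page): the exact
spelling of CREATE VLAN ... PRIVATE, ADD VLAN ... PORT ... UPLINK and the
GROUP= parameter for private port groups.  Verify against the Software
Reference for your release before pasting the output into a switch."""
from dataclasses import dataclass, field


@dataclass
class PrivateVlan:
    name: str
    vid: int
    uplink_ports: list      # one port, or every port of one uplink trunk group
    private_ports: list     # isolated from each other on this switch
    groups: dict = field(default_factory=dict)  # group id -> private ports that may talk (2.9.1+)


def port_list(ports):
    """Collapse [1, 2, 3, 5, 7, 8] into the '1-3,5,7-8' form the CLI accepts."""
    ports = sorted(set(ports))
    out, start, prev = [], ports[0], ports[0]
    for p in ports[1:] + [None]:
        if p is not None and p == prev + 1:
            prev = p
            continue
        out.append(f"{start}-{prev}" if start != prev else str(start))
        if p is not None:
            start = prev = p
    return ",".join(out)


def validate(vlans, trunk_groups=(), multi_uplink=False):
    """Raise ValueError for memberships the text says are not allowed.
    multi_uplink=True only on AT-8600/AT-8700XL/Rapier i/AT-8800 with 2.9.1+."""
    role = {}                                   # port -> "private" or "uplink"
    for v in vlans:
        up, priv = set(v.uplink_ports), set(v.private_ports)
        if not up:
            raise ValueError(f"VLAN {v.vid}: a private VLAN needs an uplink port")
        if len(up) > 1 and not multi_uplink and not any(up == set(tg) for tg in trunk_groups):
            # Several uplinks are only valid as one complete trunk group, or on
            # the series/release that allow multiple uplink ports.
            raise ValueError(f"VLAN {v.vid}: multiple uplinks need 2.9.1 or one trunk group")
        for tg in map(set, trunk_groups):
            if tg & up and not tg <= up:
                raise ValueError(f"VLAN {v.vid}: every port of trunk group {port_list(tg)} must be an uplink")
        if up & priv:
            raise ValueError(f"VLAN {v.vid}: ports {port_list(up & priv)} are both uplink and private")
        for p, r in [(p, "uplink") for p in up] + [(p, "private") for p in priv]:
            # A port may be private in several VLANs, but never private in one
            # and non-private (here: uplink) in another.
            if role.setdefault(p, r) != r:
                raise ValueError(f"port {p} is {role[p]} in one VLAN and {r} in VLAN {v.vid}")
        seen = set()
        for gid, members in v.groups.items():
            members = set(members)
            if not members <= priv or members & seen:
                raise ValueError(f"VLAN {v.vid}: group {gid} must hold only private ports, each in one group")
            seen |= members
    return True


def render(v):
    """Steps 1-3 from the text: create the private VLAN, add the uplink(s), add the private ports."""
    lines = [f"create vlan={v.name} vid={v.vid} private",
             f"add vlan={v.vid} port={port_list(v.uplink_ports)} uplink"]
    grouped = {p for g in v.groups.values() for p in g}
    loose = [p for p in v.private_ports if p not in grouped]
    if loose:
        lines.append(f"add vlan={v.vid} port={port_list(loose)}")
    for gid in sorted(v.groups):
        lines.append(f"add vlan={v.vid} port={port_list(v.groups[gid])} group={gid}")
    return lines


def can_forward(v, a, b):
    """Whether THIS switch forwards frames between member ports a and b.
    Only traffic between two private ports is blocked (all of it, not just
    Layer 2), unless both sit in the same private port group.  Ports on another
    switch behind the uplink are outside this check entirely."""
    priv, up = set(v.private_ports), set(v.uplink_ports)
    if not {a, b} <= priv | up:
        return False
    if a in priv and b in priv:
        return any(a in g and b in g for g in v.groups.values())
    return True


if __name__ == "__main__":
    # Constructed example: port 1 is the uplink, customers sit on ports 2-24.
    customers = PrivateVlan("customers", 2, uplink_ports=[1], private_ports=list(range(2, 25)))
    validate([customers])
    print("\n".join(render(customers)))
    # Ring topology (2.9.1+): uplinks 25 and 26, ports 2-3 belong to one customer.
    ring = PrivateVlan("ring", 3, [25, 26], list(range(2, 25)), groups={1: [2, 3]})
    validate([customers, ring], multi_uplink=True)
    print("\n".join(render(ring)))
```

The validator encodes the rules as the text states them: a private port may appear in several private VLANs but never as a non-private (uplink) port elsewhere, a trunk-group uplink must be listed in full, and groups or multiple uplinks are only accepted when you opt in for the series and release that support them.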
Products: AT-8600 Series, AT-8700XL Series, Rapier i Series, Rapier Series, AT-8800 Series, AT-8948, x900-48 Series, AT-9900 Series, AT-9924Ts, x900-24 Series.

Software Versions: All.
