Avaya 5600 Series 구성 매뉴얼 - 페이지 6
{카테고리_이름} Avaya 5600 Series에 대한 구성 매뉴얼을 온라인으로 검색하거나 PDF를 다운로드하세요. Avaya 5600 Series 17 페이지. Gigabit, ip phones
Avaya 5600 Series에 대해서도 마찬가지입니다: 설치 및 안전 지침 (11 페이지), 빠른 설치 매뉴얼 (2 페이지), 설치 작업 지원 (14 페이지), 제품 정보 (2 페이지)
avaya.com
1. Private VLAN Edge
One of the challenges that face many enterprise customers is the ability to ensure traffic separation at the
edge of the network. That is, the multiple end-users should not be able to communicate with one another
without having to pass through a firewall. On the Ethernet edge switch this is especially a concern given
that different end users may be connected to different ports on the same switch. Thus, the Ethernet edge
switch must be configured such that the various hosts are isolated from one another.
One way to do this is to configure the Ethernet edge switch such that the group of ports for a given set of
users are in a unique VLAN. This method provides the desired security and isolation; however, as the
total number of users increases so do the total number of VLANs. This may place higher demands on the
scalability requirements of the downstream Ethernet aggregation switch.
A simple and elegant solution is to use Private VLANs which provide end user and server separation in a
Layer 2 (L2) broadcast domain by forcing all unicast and broadcast traffic to be forwarded only to a
specific egress port. In a L2 domain, private VLANs prevent end users or servers from communicating
with each other, while at the same time, allowing traffic to be forwarded via a specific egress port.
A common requirement for Private VLANs exist in hotel applications where guest room traffic must be
separated from each other and forwarded only via the switch uplink port for internet access.
Hotel
Guest PC traffic must be able to access the
Internet but remain isolated from each other
Guest
PCs
Ethernet
Secure
Routing
Router
Switch
The private VLAN edge is a feature available on the Ethernet Routing Switch 5000 and Ethernet Routing
Switch 4500 series of switches and can be enabled by configuring a policy.
Please note the policy that is used for Private VLAN Edge can only force all traffic to one egress port.
Thus, the policy cannot be applied to either a Multilink Trunking (MLT) or LACP group with two or more
port members. However, on a 5000 series SMLT Switch Cluster, it could be applied on a Single Link
Trunk (SLT) port member.
Private VLAN Edge Technical Configuration Guide
July 2010
6