Avaya 5600 Series Посібник з конфігурації - Сторінка 6

Переглянути онлайн або завантажити pdf Посібник з конфігурації для IP-телефон Avaya 5600 Series. Avaya 5600 Series 17 сторінок. Gigabit, ip phones
Також для Avaya 5600 Series: Інструкції з монтажу та техніки безпеки (11 сторінок), Посібник зі швидкого встановлення (2 сторінок), Посібник з монтажу (14 сторінок), Інформація про продукт (2 сторінок)

avaya.com

1. Private VLAN Edge

One of the challenges that face many enterprise customers is the ability to ensure traffic separation at the

edge of the network. That is, the multiple end-users should not be able to communicate with one another

without having to pass through a firewall. On the Ethernet edge switch this is especially a concern given

that different end users may be connected to different ports on the same switch. Thus, the Ethernet edge

switch must be configured such that the various hosts are isolated from one another.

One way to do this is to configure the Ethernet edge switch such that the group of ports for a given set of

users are in a unique VLAN. This method provides the desired security and isolation; however, as the

total number of users increases so do the total number of VLANs. This may place higher demands on the

scalability requirements of the downstream Ethernet aggregation switch.

A simple and elegant solution is to use Private VLANs which provide end user and server separation in a

Layer 2 (L2) broadcast domain by forcing all unicast and broadcast traffic to be forwarded only to a

specific egress port. In a L2 domain, private VLANs prevent end users or servers from communicating

with each other, while at the same time, allowing traffic to be forwarded via a specific egress port.

A common requirement for Private VLANs exist in hotel applications where guest room traffic must be

separated from each other and forwarded only via the switch uplink port for internet access.

Hotel

Guest PC traffic must be able to access the

Internet but remain isolated from each other

Guest

PCs

Ethernet

Secure

Routing

Router

Switch

The private VLAN edge is a feature available on the Ethernet Routing Switch 5000 and Ethernet Routing

Switch 4500 series of switches and can be enabled by configuring a policy.

Please note the policy that is used for Private VLAN Edge can only force all traffic to one egress port.

Thus, the policy cannot be applied to either a Multilink Trunking (MLT) or LACP group with two or more

port members. However, on a 5000 series SMLT Switch Cluster, it could be applied on a Single Link

Trunk (SLT) port member.

Private VLAN Edge Technical Configuration Guide

July 2010