Netgear GS728TP User Manual Page 407
- Page / 530
- Table of contents
- TROUBLESHOOTING
- BOOKMARKS
Rated. / 5. Based on customer reviews
Managing Device Security
407
ProSafe M5300 Switch
Private VLAN
The Private VLANs feature provides Layer 2 isolation between ports that share the same
broadcast domain. In other words, it allows a VLAN broadcast domain to be partitioned into
smaller point-to-multipoint subdomains. The ports participating in a private VLAN can be
located anywhere in the Layer 2 network.
Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The
primary VLAN ID is the same for all subdomains that belong to a private VLAN. The
secondary VLAN ID differentiates subdomains from each another and provides Layer 2
isolation between ports of the same private VLAN.
Private VLANs are typically implemented in the DMZ for security reasons. Servers are not
supposed to communicate with each other, but they need to communicate to a router through
which they are connected to the users. Such servers are typically connected to host ports
and routers are attached to promiscuous ports. Then, if one of the servers is compromised,
the intruder cannot use it to attack another server in the same network segment.
The same traffic isolation can be achieved by assigning each port with a different VLAN,
allocating an IP subnet for each VLAN and enabling L3 routing between them. On the other
hand, in a private VLAN domain, all members can share a common address space of a single
subnet which is associated with a primary VLAN. So, the advantage of the private VLANs
feature is that it reduces the number of consumed VLANs, improves IP addressing space
utilization, and helps to avoid L3 routing.
The Private VLAN folder contains links to the following features:
• Private VLAN Type Configuration on page 407
• Private VLAN Association Configuration on page 408
• Private VLAN Port Mode Configuration on page 409
• Private VLAN Host Interface Configuration on page 410
• Private VLAN Promiscuous Interface Configuration on page 411
Private VLAN Type Configuration
Use this page to set an existing VLAN as a private VLAN type. A private VLAN can be one of
the following types:
• A Primary VLAN forwards the traffic from the promiscuous ports to isolated ports,
community ports and other promiscuous ports in the same private VLAN. Only one
primary VLAN can be configured per private VLAN. All ports within a private VLAN share
the same primary VLAN.
• An Isolated VLAN is a secondary VLAN. It carries traffic from isolated ports to
promiscuous ports. Only one isolated VLAN can be configured per private VLAN.
• A Community VLAN is a secondary VLAN. It forwards traffic between ports which belong
to the same community and to the promiscuous ports. There can be multiple community
VLANs per private VLAN.
To display the Private VLAN Type Configuration page, click the Security Traffic Control
Private VLAN > Private VLAN Type Configuration.
- ProSafe M5300 Switch 1
- Technical Support 2
- Statement of Conditions 2
- Revision History 2
- Contents 3
- Chapter 4 Routing 5
- Chapter 8 Maintenance 7
- Chapter 9 Help 8
- Appendix A Default Settings 8
- Using the Web Interface 10
- Getting Started 11
- Page Link 12
- Configuration 12
- Table 1. Command Buttons 12
- Device View 13
- Device View System LEDs 14
- Device View Navigation 15
- Help Page Access 16
- User-Defined Fields 16
- Interface Naming Convention 17
- Management 19
- System Information 20
- Switch Status 21
- FAN Status 22
- Temperature Status 22
- Device Status 23
- Switch Statistics 24
- System CPU Status 26
- Slot Information 27
- Supported Card 28
- Supported Switch 28
- Loopback Interface 29
- Network Interface 30
- SNTP Global Configuration 35
- SNTP Global Status 37
- SNTP Server Configuration 38
- DNS Configuration 40
- Host Configuration 41
- SDM Template Preference 42
- License Key 43
- License Features 44
- Services 45
- DHCP Pool Configuration 47
- DHCP Pool Options 49
- DHCP Server Statistics 50
- DHCP Bindings Information 51
- DHCP Conflicts Information 52
- DHCP Relay 53
- DHCP L2 Relay 54
- UDP Relay 57
- DHCPv6 Server 59
- DHCPv6 Server Configuration 60
- DHCPv6 Pool Configuration 60
- DHCPv6 Bindings Information 64
- DHCPv6 Server Statistics 65
- DHCPv6 Relay 66
- Stacking 68
- Configuration Maintenance 69
- Stack Master Election 70
- Nonstop Forwarding 71
- Stack Configuration 72
- Stack Port Configuration 74
- Stack Port Diagnostics 76
- Checkpoint Statistics 80
- Basic PoE Configuration 83
- PoE Port Configuration 84
- SNMPV1/V2 87
- Trap Configuration 89
- Trap Flags 90
- Supported MIBs 91
- SNMP V3 User Configuration 92
- LLDP Global Configuration 94
- LLDP Interface Configuration 95
- LLDP Statistics 96
- LLDP Local Device Information 97
- LLDP-MED 100
- LLDP-MED Global Configuration 101
- ProSafe M5300 Switch 103
- Interface menu 105
- ISDP Global Configuration 109
- Advanced ISDP Configuration 110
- ISDP Interface Configuration 111
- ISDP Neighbor 111
- ISDP Statistics 113
- Timer Schedule 114
- Timer Schedule Configuration 115
- Periodic 116
- Absolute 116
- VLAN Configuration 120
- Advanced 122
- VLAN Status 124
- Port PVID Configuration 125
- MAC Based VLAN 126
- IP Subnet Based VLAN 129
- Port DVLAN Configuration 130
- Voice VLAN Configuration 131
- GARP Switch Configuration 132
- GARP Port Configuration 133
- Auto-VoIP Configuration 134
- OUI-Based 136
- OUI Port Settings 137
- OUI Table 138
- Global Configuration 139
- Sessions Detailed 142
- Spanning Tree Protocol 143
- CST Configuration 146
- CST Port Configuration 148
- CST Port Status 150
- MST Configuration 151
- MST Port Status 153
- STP Statistics 155
- Multicast 156
- MFDB Statistics 157
- IGMP Snooping 158
- IGMP Snooping Configuration 159
- IGMP VLAN Configuration 161
- IGMP Snooping Querier 163
- MLD Snooping 167
- MLD VLAN Configuration 169
- MVR Configuration 173
- MVR Interface Configuration 175
- MVR Group Membership 176
- MVR Statistics 176
- Address Table 177
- Static MAC Address 180
- Port Configuration 181
- Port Description 182
- Link Aggregation Groups 184
- LAG Membership 186
- Routing 189
- Route Configuration 190
- IP Configuration 193
- Statistics 194
- Secondary IP Address 200
- IPv6 Global Configuration 202
- IPv6 Route Table 203
- IPv6 Prefix Configuration 206
- IPv6 Statistics 207
- ICMPv6 Statistics 210
- IPv6 Neighbor Table 212
- IPv6 Route Configuration 214
- IPv6 Route Preferences 215
- Tunnel Configuration 216
- VLAN Routing Wizard 218
- VLAN Routing Configuration 219
- Static ARP Cache 222
- ARP Table Configuration 223
- RIP Configuration (Basic) 225
- Interface Configuration 227
- Route Redistribution 230
- OSPF Configuration (Basic) 232
- OSPF Configuration (Advanced) 234
- Common Area Configuration 237
- Stub Area Configuration 238
- NSSA Area Configuration 239
- Area Range Configuration 241
- OSPF Interface Statistics 246
- OSPF Neighbor Table 249
- Link State Database 251
- Virtual Link Configuration 252
- NSF OSPF Summary 256
- OSPFv3 Configuration 257
- Interface Statistics 269
- Neighbor Table 272
- NSF OSPFv3 Summary 278
- Router Discovery 279
- VRRP Configuration 280
- Tracking Configuration 283
- Virtual Router Statistics 284
- Mroute Table 287
- DVMRP Global Configuration 291
- DVMRP Interface Configuration 291
- DVMRP Neighbor 293
- DVMRP Next Hop 294
- DVMRP Prune 294
- DVMRP Route 295
- IGMP Global Configuration 296
- IGMP Groups 299
- IGMP Membership 300
- IGMP Proxy Membership 303
- PIM Global Configuration 304
- SSM Configuration 305
- PIM Interface Configuration 306
- PIM Neighbor 307
- Candidate RP Configuration 308
- BSR Candidate Configuration 309
- Static RP Configuration 310
- Static Routes Configuration 311
- Admin Boundary Configuration 312
- IPv6 Multicast 313
- IPv6 PIM 314
- PIM SSM Configuration 315
- PIM Static RP Configuration 320
- MLD Global Configuration 321
- MLD Groups 324
- MLD Traffic 325
- Proxy Interface Statistics 327
- MLD Proxy Membership 328
- Class of Service 331
- CoS Configuration 332
- IP DSCP to Queue Mapping 334
- CoS Interface Configuration 335
- Interface Queue Configuration 336
- Differentiated Services 339
- DiffServ Class created 340
- DiffServ Configuration 341
- IPv6 Class Configuration 346
- Policy Configuration 348
- Service Statistics 352
- Managing Device Security 355
- Local User 356
- User Password Configuration 357
- Enable Password Configuration 358
- Line Password Configuration 358
- Radius Configuration 360
- RADIUS Server Configuration 361
- Configuring TACACS+ 364
- TACACS+ Configuration 365
- TACACS+ Server Configuration 365
- Login Authentication List 366
- Enable Authentication List 367
- Dot1x Authentication List 369
- HTTP Authentication List 369
- HTTPS Authentication List 370
- Login Sessions 371
- Configuring Management Access 372
- HTTPS Configuration 373
- Certificate Management 375
- Certificate Download 375
- SSH Configuration 377
- Host Keys Management 378
- Host Keys Download 379
- Telnet Authentication List 380
- Inbound Telnet Configuration 380
- Console Port 381
- Denial of Service 382
- Access Control 384
- Access Rule Configuration 385
- Port Authentication 386
- 802.1X Configuration 387
- Port Summary 393
- Client Summary 396
- Traffic Control 397
- Port Security 399
- Dynamic MAC Address 402
- Private Group 404
- Private Group Membership 405
- Protected Ports Configuration 406
- Private VLAN 407
- Storm Control 412
- DHCP Snooping 414
- DHCP Snooping Statistics 418
- IP Source Guard 419
- Dynamic ARP Inspection 421
- DAI Configuration 422
- DAI VLAN Configuration 422
- DAI Interface Configuration 423
- DAI ACL Configuration 424
- DAI ACL Rule Configuration 424
- DAI Statistics 425
- Captive Portal 426
- Captive Portal Configuration 428
- Captive Portal Binding Table 430
- Captive Portal Trap Flags 433
- Captive Portal Client 434
- ACL Wizard 435
- MAC Rules 438
- MAC Binding Configuration 440
- IP Rules 443
- IP Extended Rules 445
- IPv6 ACL 449
- IPv6 Rules 450
- IP Binding Configuration 453
- IP Binding Table 454
- VLAN Binding Table 455
- Monitoring the System 457
- Port Statistics 458
- Port Detailed Statistics 459
- EAP Statistics 466
- Cable Test 467
- Buffered Logs 469
- Command Log Configuration 470
- Console Log Configuration 471
- SysLog Configuration 471
- Trap Logs 472
- Event Logs 474
- Persistent Logs 476
- Port Mirroring 477
- Maintenance 483
- Auto Install Configuration 484
- Device Reboot 485
- Factory Default 486
- Password Reset 486
- Upload File From Switch 487
- HTTP File Upload 488
- USB File Upload 489
- Download File To Switch 490
- HTTP File Download 492
- USB File Download 494
- File Management 495
- Dual Image Configuration 496
- Troubleshooting 497
- Ping IPv6 498
- Traceroute IPv4 499
- Traceroute IPv6 500
- Online Help 501
- User Guide 502
- Registration 503
- Default Settings 505
- Configuration Examples 509
- VLAN Example Configuration 510
- Access Control Lists (ACLs) 511
- MAC ACL Example Configuration 512
- DiffServ Traffic Classes 515
- Creating Policies 515
- Traffic Conditioning Policy 516
- 802.1X Example Configuration 520
- MSTP Example Configuration 523
- Notification of Compliance 525
- GPL License Agreement 527
Related products and manuals for Software Netgear GS728TP
Software Netgear JGS524E User Manual
(37 pages)
(37 pages)
Software Netgear STM150 User Manual
(95 pages)
(95 pages)
Software Netgear Switch L3 User Manual
(271 pages)
(271 pages)
© 2020, manymanuals.com. All rights reserved. | 0.659 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals