
Private VLAN Edge Technical Configuration Guide
Ethernet Routing Switch 4500, 5500, 5600
Engineering
Avaya Data Solutions
Document Date: July 2010
Document Number: NN48500-592
Document Version: 1.1

© 2010 Avaya Inc.
All Rights Reserved.
Abstract
This Technical Configuration Guide illustrates the configurations necessary for the Private VLAN Edge
functionality on the Ethernet Routing Switches. The use of the Secure Router is also included for a
specific scenario.
Table of Contents
Document Updates
Conventions
1. Private VLAN Edge
2. Configuration Example
2.1 Private VLAN Example for Internet Access using an Avaya Ethernet Routing Switch 4500 Series
2.2 Private VLAN Example using VLAN Tagging for Server Backup an Avaya Ethernet Routing Switch 5520-24T-PWR
3. Customer service
3.1 Getting technical documentation
3.2 Getting product training
3.3 Getting help from a distributor or reseller
3.4 Getting technical support from the Avaya Web site
Document Updates
July 2010
Conventions
This section describes the text, image, and command conventions used in this document.
Symbols:
Tip – Highlights a configuration or technical tip.
Note – Highlights important information to the reader.
Warning – Highlights important information about an action that may result in equipment damage, configuration or data loss.
Text:
Bold text indicates emphasis.
Italic text in a Courier New font indicates text the user must enter or select in a menu item, button or command:
ERS5520-48T# show running-config
Output examples from Avaya devices are displayed in a Lucida Console font:
ERS5520-48T# show running-config
! Embedded ASCII Configuration Generator Script
! Model = Ethernet Routing Switch 5520-24T-PWR
! Software version = v5.0.0.011
enable
configure terminal
1. Private VLAN Edge
[Figure: Guest PC traffic must be able to access the Internet but remain isolated from each other]
One of the challenges facing many enterprise customers is ensuring traffic separation at the edge of the network. That is, end users should not be able to communicate with one another without passing through a firewall. On the Ethernet edge switch this is a particular concern, because different end users may be connected to different ports on the same switch. The Ethernet edge switch must therefore be configured so that the hosts are isolated from one another.
One way to do this is to configure the Ethernet edge switch so that the group of ports for a given set of users is in a unique VLAN. This method provides the desired security and isolation; however, as the total number of users increases, so does the total number of VLANs. This may place higher demands on the scalability of the downstream Ethernet aggregation switch.
A simple and elegant solution is to use Private VLANs, which provide end-user and server separation in a Layer 2 (L2) broadcast domain by forcing all unicast and broadcast traffic to be forwarded only to a specific egress port. In an L2 domain, private VLANs prevent end users or servers from communicating with each other while still allowing traffic to be forwarded via a specific egress port.
A common requirement for Private VLANs exists in hotel applications, where traffic from each guest room must be separated from that of the others and forwarded only via the switch uplink port for Internet access.
The private VLAN edge is a feature available on the Ethernet Routing Switch 5000 and Ethernet Routing Switch 4500 series of switches and can be enabled by configuring a policy.
Please note that the policy used for Private VLAN Edge can only force all traffic to one egress port. Thus, the policy cannot be applied to either a Multilink Trunking (MLT) or LACP group with two or more port members. However, on a 5000 series SMLT Switch Cluster, it could be applied on a Single Link Trunk (SLT) port member.
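
The forwarding behaviour and the single-egress-port restriction described above, modelled in Python as an added example (this is not Avaya code or switch configuration). The port numbers, MAC addresses and the names EdgeSwitch, apply_private_vlan_edge and build_hotel_switch are assumptions made for illustration.

```python
# Toy model of one L2 broadcast domain (a single VLAN) on an edge switch.
# Port numbers, MAC strings and all names here are constructed for illustration.
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class EdgeSwitch:
    vlan_ports: set                                    # all ports in the VLAN
    mac_table: dict = field(default_factory=dict)      # learned MAC -> port
    forced_egress: dict = field(default_factory=dict)  # ingress port -> egress port

    def apply_private_vlan_edge(self, guest_ports, uplink_members):
        """Force all traffic entering guest_ports out of one egress port."""
        # The guide's restriction: the policy redirects to exactly one port, so
        # an MLT/LACP group with two or more members cannot be the target.
        if len(uplink_members) != 1:
            raise ValueError("egress must be a single port, not a multi-port trunk")
        (uplink,) = uplink_members
        if uplink not in self.vlan_ports or uplink in guest_ports:
            raise ValueError("uplink must be a non-guest port in the VLAN")
        for port in guest_ports:
            self.forced_egress[port] = uplink

    def egress_ports(self, ingress, dst_mac):
        """Return the set of ports a frame is sent out of."""
        if ingress in self.forced_egress:
            # Unicast and broadcast alike go only to the uplink.
            return {self.forced_egress[ingress]}
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            return set() if out == ingress else {out}
        # Broadcast or unknown unicast: flood the VLAN except the ingress port.
        return self.vlan_ports - {ingress}


def build_hotel_switch(isolated):
    """Guest rooms on ports 1-3, Internet uplink on port 24 (constructed)."""
    sw = EdgeSwitch(vlan_ports={1, 2, 3, 24},
                    mac_table={"aa:aa:aa:00:00:01": 1, "aa:aa:aa:00:00:02": 2,
                               "aa:aa:aa:00:00:fe": 24})
    if isolated:
        sw.apply_private_vlan_edge(guest_ports={1, 2, 3}, uplink_members=[24])
    return sw
```

In this model only frames entering a guest port are redirected; frames arriving on the uplink are forwarded normally, so return traffic from the Internet still reaches the guest.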