Overview of MUX VLANs

Background

The Multiplex VLAN (MUX VLAN) feature is used to control network resources based on VLANs.

For example, an enterprise allows both its employees and customers to access the servers on its network. However, the enterprise allows only its employees to communicate with each other and prevents customers from communicating with each other.

To allow all users to access the enterprise servers, inter-VLAN communication must be configured. Different VLANs must be assigned to the users who the enterprise wants to restrict communication. If there are many users, this configuration wastes VLAN IDs and significantly increases the network configuration and maintenance workload.

MUX VLAN provides Layer 2 isolation to allow enterprise employees to communicate while isolating customers.

Basic Concepts

A MUX VLAN consists of principal VLANs and subordinate VLANs. Subordinate VLANs are classified into separate VLANs and group VLANs. See Table 1 for a description of these roles.

**Table 1** Roles in MUX VLAN
MUX VLAN	VLAN Type	Associated Port	Access Authority
Principal VLAN	-	Principal port	A principal port can communicate with all ports in a MUX VLAN.
Subordinate VLAN	Separate VLAN	Separate port	A separate port can communicate only with a principal port and is isolated from other types of ports. Each separate VLAN must be bound to a principal VLAN.
Subordinate VLAN	Group VLAN	Group port	A group port can communicate with a principal port and the other ports in the same group, but cannot communicate with ports in other groups or a separate port. Each group VLAN must be bound to a principal VLAN.

Communication in the MUX VLAN

As shown in Figure 1, the principal port connects to the enterprise servers, the separate port connects to enterprise customers, and the group port connects to enterprise employees. This allows both enterprise customers and employees to access the enterprise servers. Enterprise employees can communicate with each other whereas enterprise customers cannot. In addition, enterprise customers and employees cannot communicate with each other.

Figure 1 MUX VLAN at the access layer

On an aggregation device, you can create a VLANIF interface for the principal VLAN. The IP address of the VLANIF interface can be used as the gateway address for servers or user hosts. As shown in Figure 2, MUX VLAN is configured on the aggregation device Switch1 to implement user isolation or interworking.

Figure 2 MUX VLAN at the aggregation layer