VLANs whose VLAN ID are contiguous when creating a VLAN group. VLANs in a group share a
broadcast domain and form a subnet, communication between groups needs to go through
Layer 3 transmission. VLANs in different VLAN groups should not overlap. For example, VLAN
10-19 are chosen to be in a VLAN group, any other VLAN group can’t have any of them between
10-19.
There is an unique primary VLAN in each group, the primary VLAN ID must fall in the VLAN
range of the group, and can be any of them in the range, for example you can use a VLAN ID
like 10 for a group with range 10-19. The primary VLAN is used to create subnet for a VLAN
group, since one group has only one subnet. Thus users can just create a subnet on the primary
VLAN, and not allowed on other VLANs in the group.
The VLAN range should be large enough to accommodate all devices, otherwise the creation of
VLAN group may fail finally. The VLAN range depends on the number of separated ports and
shared port groups, each separated port forms a VLAN, so is each shared port group. Thus you
can get an inequality formula for the VLAN range of a VLAN group: No. VLANs > No. separated
ports + No. shared port 1 (one for the primary VLAN). For example, in Figure4-1, there
are 2 separated ports, 2 shared port groups, so the total number of VLANs in this group should
be at least 5.
The upper limit for VLAN range (i.e., the number of VLANs in the VLAN group) is 26. Since there
are only 26 ports on the iSpirit 3026 switch, this won’t be a problem.
3 . Ivate VLAN with normal VLAN
A normal VLAN represents a broadcast domain, each VLAN can form a sub-network, and
communication across VLANs should go through Layer 3 transmission; while for private VLAN,
a broadcast domain needs a private VLAN group. Each private VLAN group can form a
sub-network, which is created in the main VLAN of the private VLAN group. Communication
across multiple private VLAN groups should go through Layer 3 transmission, while
communication inside a group just needs Layer 2 transmission.
When creating a private VLAN group, users should make sure that any VLAN in its VLAN range
is NOT occupied by any normal VLAN. Otherwise, it won’t be created. So is for creating normal
VLAN.
When adding a port to a private VLAN group, it can be a promiscuous port, a common port or a
separation port. No matter what kind of port it is, if it’s already an untagged member of a normal
VLAN, it should be removed from the normal VLAN first.
When adding a port to a normal VLAN, if the port already belongs to a private VLAN group, it