Configuring the private VLAN
The private VLAN feature uses a two-tier VLAN structure, including a primary VLAN and secondary
VLANs. This feature simplifies the network configuration and saves VLAN resources.
A primary VLAN is used for upstream data exchange. A primary VLAN can be associated with multiple
secondary VLANs. Because the upstream device identifies only the primary VLAN and not the secondary
VLANs, network configuration is simplified and VLAN resources are saved.
Secondary VLANs are isolated at Layer 2. To enable communication between secondary VLANs
associated with the same primary VLAN, you can enable local proxy ARP on the upstream device (for
example, Device A in Figure 44) to implement Layer 3 communication between the secondary VLANs.
As shown in Figure 44, the private VLAN feature is enabled on Device B. VLAN 10 is the primary VLAN.
VLAN 2, VLAN 5, and VLAN 8 are secondary VLANs associated with VLAN 10 and are invisible to
Device A.
Figure 44 Private VLAN example
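The Figure 44 layout as a configuration sketch. This is an added example, not taken from the original guide: it assumes an HPE/H3C Comware-style CLI (the page does not name the platform), and the interface numbers and the 192.0.2.1 address are hypothetical.

```text
# Added example. Assumes a Comware-style CLI; interface numbers are hypothetical.
# Lines starting with "#" are annotations, not commands.

# ---- Device B (private VLAN enabled) ----
system-view
# Create the secondary VLANs first.
vlan 2
 quit
vlan 5
 quit
vlan 8
 quit
# Make VLAN 10 the primary VLAN and associate VLANs 2, 5 and 8 with it.
vlan 10
 private-vlan primary
 private-vlan secondary 2 5 8
 quit
# Uplink to Device A allows one primary VLAN: promiscuous mode in VLAN 10.
interface GigabitEthernet1/0/1
 port private-vlan 10 promiscuous
 quit
# Downlink host port in secondary VLAN 2 (repeat per port for VLANs 5 and 8).
interface GigabitEthernet1/0/2
 port access vlan 2
 port private-vlan host
 quit

# ---- Device A (upstream, sees only VLAN 10) ----
system-view
vlan 10
 quit
interface GigabitEthernet1/0/1
 port access vlan 10
 quit
# Local proxy ARP lets hosts in different secondary VLANs reach each other
# at Layer 3 through Device A; without it they stay isolated.
interface Vlan-interface10
 ip address 192.0.2.1 255.255.255.0
 local-proxy-arp enable
```

On a Comware device, `display private-vlan 10` on Device B shows the secondary VLANs and member ports for the association, which is the quickest way to confirm that the isolation boundary matches the intended design.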
Configuration task list
To configure the private VLAN feature, perform the following tasks:
1. Configure the primary VLAN.
2. Configure secondary VLANs.
3. Configure uplink and downlink ports in the following workflow:
   - Configure the uplink port, for example, the port connecting Device B to Device A in Figure 44.
     - When the port allows only one primary VLAN, configure the port to operate in promiscuous
       mode in the primary VLAN. The uplink ports can be automatically assigned to the primary
       VLAN and its associated secondary VLANs.
     - When the port allows multiple primary VLANs, configure the port to operate in trunk
       promiscuous mode in the primary VLANs. The uplink ports can be automatically assigned
       to the primary VLANs and their associated secondary VLANs.