146
For more information about promiscuous, trunk promiscuous, host, and trunk secondary ports,
see
Layer 2—LAN Switching Command Reference
.
4.
Associate the secondary VLANs with the primary VLAN.
5.
(Optional.) Configure Layer 3 communication between the specified secondary VLANs that are
associated with the primary VLAN.
Configuration restrictions and guidelines
When you configure the private VLAN feature, follow these restrictions and guidelines:
•
After you complete the private VLAN configurations, perform the following tasks:
{
For a promiscuous port, make sure the following requirements are met:
−
The primary VLAN is the PVID of the port.
−
The port is an untagged member of the primary VLAN and secondary VLANs.
{
For a host port, make sure the following requirements are met:
−
The PVID of the port is a secondary VLAN.
−
The port is an untagged member of the primary VLAN and the secondary VLAN.
{
For a trunk promiscuous or trunk secondary port, make sure the port is a tagged member of
the primary VLANs and the secondary VLANs.
•
VLAN 1 (system default VLAN) does not support the private VLAN configuration.
Configuration procedure
To configure the private VLAN feature:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create a VLAN and enter
VLAN view.
vlan
vlan-id
N/A
3.
Configure the VLAN as a
primary VLAN.
private-vlan primary
By default, a VLAN is not a
primary VLAN.
4.
Return to system view.
quit
N/A
5.
Create one or multiple
secondary VLANs.
vlan
{
vlan-id1
[
to vlan-id2
]
|
all
}
N/A
6.
Enable Layer 2
communication for ports in
the same secondary VLAN.
•
undo private-vlan isolated
•
private-vlan community
Use either command.
By default, ports in the same
secondary VLAN can
communicate with each other at
Layer 2.
This configuration takes effect
when the following conditions
exist:
•
The ports in the secondary
VLAN are configured as host
ports.
•
The secondary VLAN is
associated with a primary
VLAN.
7.
Return to system view.
quit
N/A
