Private vlan configuration guidelines, Private vlan configuration example – Juniper Networks EX2500 User Manual

EX2500 Ethernet Switch Configuration Guide

32

„

Private VLANs

Private VLAN Configuration Guidelines

The following guidelines apply when configuring private VLANs:

„

The default VLAN 1 cannot be a private VLAN.

„

The management VLAN 4095 cannot be a private VLAN. The management port
cannot be a member of a private VLAN.

„

IGMP Snooping must be disabled on isolated VLANs.

„

Each secondary port’s (isolated port and community ports) PVID must match
its corresponding secondary VLAN ID.

„

Ports within a secondary VLAN cannot be members of other VLANs.

„

All VLANs that make up the private VLAN must belong to the same Spanning
Tree Group.

„

Static MAC addresses can be assigned on the primary VLAN only and not on
the secondary VLAN port.

„

The private VLAN table is cleared and reconfigured each time port membership
in the private VLAN changes.

Private VLAN Configuration Example

Follow this procedure to configure a private VLAN.

1.

Select a VLAN and define the private VLAN type as primary.

ex2500(config)# vlan 100
ex2500(config-vlan)# enable
ex2500(config-vlan)# member 2
ex2500(config-vlan)# private-vlan type primary
ex2500(config-vlan)# private-vlan enable
ex2500(config-vlan)# exit

2.

Configure a secondary VLAN and map it to the primary VLAN.

ex2500(config)# vlan 110
ex2500(config-vlan)# enable
ex2500(config-vlan)# member 3
ex2500(config-vlan)# member 4
ex2500(config-vlan)# private-vlan type isolated
ex2500(config-vlan)# private-vlan map 100
ex2500(config-vlan)# private-vlan enable
ex2500(config-vlan)# exit

3.

Verify the configuration.

ex2500(config)# show private-vlan

Private-VLAN Type Mapped-To Status Ports
------------ --------- ---------- ---------- -----------------
100 primary 110 ena 2
110 isolated 100 ena 3-4