Configuring the private vlan, Configuration task list – H3C Technologies H3C S5560 Series Switches User Manual
Page 185
151
Configuring the private VLAN
The private VLAN feature uses a two-tier VLAN structure, including a primary VLAN and secondary
VLANs. This feature simplifies the network configuration and saves VLAN resources.
A primary VLAN is used for upstream data exchange. A primary VLAN can be associated with multiple
secondary VLANs. Because the upstream device identifies only the primary VLAN and not the secondary
VLANs, network configuration is simplified and VLAN resources are saved.
Secondary VLANs are isolated at Layer 2. To enable Layer 3 communication between secondary VLANs
associated with the same primary VLAN, you can enable local proxy ARP or ND on the upstream device
(for example, Device A in
).
As shown in
, the private VLAN feature is enabled on Device B. VLAN 10 is the primary VLAN.
VLAN 2, VLAN 5, and VLAN 8 are secondary VLANs associated with VLAN 10 and are invisible to
Device A.
Figure 46 Private VLAN example
Configuration task list
To configure the private VLAN feature, perform the following tasks:
1.
Configure the primary VLAN.
2.
Configure the secondary VLANs.
3.
Configure the uplink and downlink ports:
{
Configure the uplink port (for example, the port connecting Device B to Device A in
):
−
When the port allows only one primary VLAN, configure the port as a promiscuous port of
the primary VLAN. The promiscuous port can be automatically assigned to the primary
VLAN and its associated secondary VLANs.
−
When the port allows multiple primary VLANs, configure the port as a trunk promiscuous
port of the primary VLANs. The trunk promiscuous port can be automatically assigned to
these primary VLANs and their associated secondary VLANs.