private-vlan (VLAN interface view)

Use private-vlan secondary to enable Layer 3 communication between secondary VLANs that are associated with a primary VLAN.

Use undo private-vlan to cancel the Layer 3 communication configuration for secondary VLANs that are associated with a primary VLAN.

Syntax

private-vlan secondary vlan-id-list

undo private-vlan [ secondary vlan-id-list ]

Default

Secondary VLANs are isolated at Layer 3.

Views

VLAN interface view

Predefined user roles

network-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.

Usage guidelines

This command takes effect only when the following conditions exist:

This command is executed in VLAN interface view of the primary VLAN interface.
Secondary VLANs are associated with the primary VLAN.
No VLAN interfaces are created for secondary VLANs.
An IP address is assigned to the primary VLAN interface.
Local proxy ARP or ND is enabled on the primary VLAN interface.

You can create VLAN interfaces for secondary VLANs that are not enabled with Layer 3 communication. If secondary VLANs are enabled with Layer 3 communication, do not create VLAN interfaces for them.

When you execute this command in the same primary VLAN interface view multiple times, all the specified secondary VLANs are interoperable at Layer 3.

When you execute the undo private-vlan command, follow these guidelines:

If you specify the secondary vlan-id-list option, this command cancels the Layer 3 communication configuration only for the specified secondary VLANs.
If you do not specify the secondary vlan-id-list option, this command cancels the Layer 3 communication configuration for all secondary VLANs of the primary VLAN.

Examples

This example shows how to meet the following requirements:

VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2.
The uplink port () is a promiscuous port of VLAN 2.
Downlink ports and are host ports of VLANs 3 and 4, respectively.
Secondary VLANs 3 and 4 can communicate at Layer 3.

# Configure VLAN 2 as a primary VLAN and associate it with secondary VLANs 3 and 4.

<Sysname> system-view
[Sysname] vlan 3 to 4
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary 3 to 4
[Sysname-vlan2] quit

# Configure the uplink port () as a promiscuous port of VLAN 2.

[Sysname] interface 
[Sysname-] port private-vlan 2 promiscuous
[Sysname-] quit

# Assign downlink port to VLAN 3 and configure the port as a host port.

[Sysname] interface 
[Sysname-] port access vlan 3
[Sysname-] port private-vlan host
[Sysname-] quit

# Assign downlink port to VLAN 4 and configure the port as a host port.

[Sysname] interface 
[Sysname-] port access vlan 4
[Sysname-] port private-vlan host
[Sysname-] quit

# Create VLAN-interface 2 and enable Layer 3 communication between secondary VLANs 3 and 4.

[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] private-vlan secondary 3 to 4

# Assign an IP address to VLAN-interface 2.

[Sysname-Vlan-interface2] ip address 192.168.1.1 255.255.255.0

# Enable local proxy ARP on VLAN-interface 2.

[Sysname-Vlan-interface2] local-proxy-arp enable

Related commands

private-vlan (VLAN view)

private-vlan primary

prev	up	next
port private-vlan trunk secondary	home	private-vlan (VLAN view)