port private-vlan trunk secondary
Use port private-vlan trunk secondary to configure a port as a trunk secondary port of the specified VLANs and assign the port to these VLANs.
Use undo port private-vlan trunk secondary to cancel the trunk secondary attribute of a port in the specified VLANs.
Syntax
port private-vlan vlan-id-list trunk secondary
undo port private-vlan vlan-id-list trunk secondary
Default
A port is not a trunk secondary port of any VLAN.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.
Usage guidelines
If the specified VLANs are secondary VLANs that have been associated with primary VLANs, the command also assigns the port to the associated primary VLANs. Also, the following events occur:
For an access port, the device performs the following tasks:
Changes the port link type to hybrid. The PVID of the port does not change.
Assigns the port to the secondary VLANs and the associated primary VLANs as a tagged member.
For a trunk port, the device does not change the port link type.
For a hybrid port, the device does not change the port link type.
If the port has been an untagged or tagged member of part of the secondary VLANs and their associated primary VLANs, this member attribute remains in these VLANs. The device assigns the port to the rest of the secondary VLANs and their associated primary VLANs as a tagged member.
If the hybrid port does not allow any of the secondary VLANs and their associated primary VLANs, the device assigns the port to these VLANs as a tagged member.
A trunk secondary port can join only one secondary VLAN among all secondary VLANs associated with a primary VLAN. However, it can join multiple secondary VLANs separately associated with multiple primary VLANs.
The undo form of this command does not change the VLAN attributes (allowed primary VLANs, port link type, and PVID) of the port.
When you execute the undo form of this command on a trunk secondary port of the VLANs specified by the vlan-id-list argument, one of the following events occurs:
If the port is an access port, the device does not change the VLAN configuration of the port.
If the port is a trunk or hybrid port, the device removes the port from the VLAN.
You can configure the specified VLANs as secondary VLANs before or after you execute the port private-vlan trunk secondary command.
This command does not take effect on the specified VLAN if any of the following conditions applies:
The specified VLAN does not exist.
The specified VLAN is not a secondary VLAN and is used for other purposes.
The specified VLAN shares the same primary VLAN with other secondary VLANs, and the current port has been configured as a trunk secondary port in one of the other secondary VLANs.
The port private-vlan trunk secondary command is mutually exclusive with the port private-vlan host, port private-vlan promiscuous, and port private-vlan trunk promiscuous commands.
If multiple secondary VLANs associated with different primary VLANs need to pass through the downlink port, use the port private-vlan trunk secondary command to assign the port to these secondary VLANs. The port can then transmit packets from these secondary VLANs with VLAN tags.
If only one secondary VLAN needs to pass through the downlink port, use the port private-vlan host command to assign the port to the secondary VLAN. The port can then transmit packets from the secondary VLAN without VLAN tags.
Examples
In this example, VLANs 2 and 3 are primary VLANs. VLAN 2 is associated with secondary VLAN 20. VLAN 3 is associated with secondary VLAN 30.
# Display information about Ten-GigabitEthernet 1/0/1.
[Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] display this # interface Ten-GigabitEthernet1/0/1 # return
# Configure Ten-GigabitEthernet 1/0/1 as a trunk secondary port of VLANs 20 and 30, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 20 30 trunk secondary [Sysname-Ten-GigabitEthernet1/0/1] display this # interface Ten-GigabitEthernet1/0/1 port link-type hybrid port hybrid vlan 2 3 20 30 tagged port hybrid vlan 1 untagged port private-vlan 20 30 trunk secondary # return
The output shows that:
The port link type of Ten-GigabitEthernet 1/0/1 is hybrid.
Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 2, 3, 20, and 30.
Ten-GigabitEthernet 1/0/1 is a trunk secondary port of VLANs 20 and 30.
# Execute the undo port private-vlan trunk secondary command on Ten-GigabitEthernet 1/0/1, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 20 30 trunk secondary [Sysname-Ten-GigabitEthernet1/0/1] display this # interface Ten-GigabitEthernet1/0/1 port link-type hybrid port hybrid vlan 2 3 tagged port hybrid vlan 1 untagged # return
The output shows that:
The port link type of Ten-GigabitEthernet 1/0/1 does not change.
Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 2 and 3.
Ten-GigabitEthernet 1/0/1 is removed from VLANs 20 and 30.
In this example, VLAN 10 is not a secondary VLAN.
# Display information about Ten-GigabitEthernet 1/0/1.
<Sysname> system-view [Sysname] interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] display this # interface Ten-GigabitEthernet1/0/1 # return
# Configure Ten-GigabitEthernet 1/0/1 as a trunk secondary port of VLAN 10, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 10 trunk secondary [Sysname-Ten-GigabitEthernet1/0/1] display this # interface Ten-GigabitEthernet1/0/1 port link-type hybrid port hybrid vlan 10 tagged port hybrid vlan 1 untagged port private-vlan 10 trunk secondary # return
The output shows that:
The port link type of Ten-GigabitEthernet 1/0/1 is hybrid.
Ten-GigabitEthernet 1/0/1 is a tagged member of VLAN 10.
Ten-GigabitEthernet 1/0/1 is a trunk secondary port of VLAN 10.
# Execute the undo port private-vlan trunk secondary command on Ten-GigabitEthernet1/0/1, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 10 trunk secondary [Sysname-Ten-GigabitEthernet1/0/1] display this # interface Ten-GigabitEthernet1/0/1 port link-type hybrid port hybrid vlan 1 untagged # Return
The output shows that:
The port link type of Ten-GigabitEthernet 1/0/1 does not change.
Ten-GigabitEthernet 1/0/1 is removed from VLAN 10.
Related commands
port private-vlan host
port private-vlan promiscuous
port private-vlan trunk promiscuous
private-vlan (VLAN view)
private-vlan isolated
private-vlan primary