Configuring the private VLAN

The private VLAN feature uses a two-tier VLAN structure, including a primary VLAN and secondary VLANs. This feature simplifies the network configuration and saves VLAN resources.

A primary VLAN is used for upstream data exchange. A primary VLAN can be associated with multiple secondary VLANs. Because the upstream device identifies only the primary VLAN and not the secondary VLANs, network configuration is simplified and VLAN resources are saved.

Secondary VLANs are isolated at Layer 2. To enable Layer 3 communication between secondary VLANs associated with the same primary VLAN, you can enable local proxy ARP or ND on the upstream device (for example, Device A in Figure 47).

As shown in Figure 47, the private VLAN feature is enabled on Device B. VLAN 10 is the primary VLAN. VLAN 2, VLAN 5, and VLAN 8 are secondary VLANs associated with VLAN 10 and are invisible to Device A.