Configuration procedure
To configure the private VLAN feature:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a VLAN and enter VLAN view. | vlan vlan-id | N/A |
3. Configure the VLAN as a primary VLAN. | private-vlan primary | By default, a VLAN is not a primary VLAN. |
4. Return to system view. | quit | N/A |
5. Create one or multiple secondary VLANs. | vlan { vlan-id1 [ to vlan-id2 ] | all } | N/A |
6. Enable Layer 2 communication for ports in the same secondary VLAN. |
| Use either command. By default, ports in the same secondary VLAN can communicate with each other at Layer 2. This configuration takes effect when the following conditions exist:
|
7. Return to system view. | quit | N/A |
8. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
9. Configure the uplink port as a promiscuous or trunk promiscuous port of the specified VLANs. |
| By default, a port is not a promiscuous or trunk promiscuous port of any VLAN. |
10. Return to system view. | quit | N/A |
11. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
12. Assign the downlink port to secondary VLANs. |
| Select substep b, c, or d depending on the port link type. |
13. Return to system view. | quit | N/A |
14. Enter Layer 2 Ethernet interface view or Layer 2 aggregate interface view. | interface interface-type interface-number | N/A |
15. Configure the downlink port as a host or trunk secondary port. |
| By default, a port is not a host or trunk secondary port. |
16. Enter primary VLAN view. | vlan vlan-id | N/A |
17. Associate the primary VLAN with the specified secondary VLANs. | private-vlan secondary vlan-id-list | By default, a primary VLAN is not associated with any secondary VLAN. |
18. Return to system view. | quit | N/A |
19. (Optional.) Configure Layer 3 communication between the specified secondary VLANs. |
| Use substeps a, b, c, and e for devices that run IPv4 protocols. Use substeps a, b, d, and f for devices that run IPv6 protocols. By default:
|