Trunk promiscuous and trunk secondary port configuration example
Network requirements
As shown in Figure 50, configure the private VLAN feature to meet the following requirements:
VLANs 10 and 20 are primary VLANs on Device A. The uplink port Ten-GigabitEthernet 1/0/5 on Device A permits the packets from VLANs 10 and 20 to pass through tagged.
VLAN 11, VLAN 12, VLAN 21, and VLAN 22 are secondary VLANs on Device A.
The downlink port Ten-GigabitEthernet 1/0/2 permits the packets from VLAN 11 and VLAN 21 to pass through tagged.
The downlink port Ten-GigabitEthernet 1/0/1 permits VLAN 22.
The downlink port Ten-GigabitEthernet 1/0/3 permits VLAN 12.
Secondary VLANs 11 and 12 are associated with primary VLAN 10.
Secondary VLANs 21 and 22 are associated with primary VLAN 20.
Figure 50: Network diagram
Configuration procedure
Configure Device A:
# Configure VLANs 10 and 20 as primary VLANs.
<DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] private-vlan primary [DeviceA-vlan10] quit [DeviceA] vlan 20 [DeviceA-vlan20] private-vlan primary [DeviceA-vlan20] quit
# Create VLANs 11, 12, 21, and 22, which are to be configured as secondary VLANs.
[DeviceA] vlan 11 to 12 [DeviceA] vlan 21 to 22
# Associate the secondary VLANs 11 and 12 with the primary VLAN 10.
[DeviceA] vlan 10 [DeviceA-vlan10] private-vlan secondary 11 12 [DeviceA-vlan10] quit
# Associate the secondary VLANs 21 and 22 with the primary VLAN 20.
[DeviceA] vlan 20 [DeviceA-vlan20] private-vlan secondary 21 22 [DeviceA-vlan20] quit
# Configure the uplink port Ten-GigabitEthernet 1/0/5 as a trunk promiscuous port of VLANs 10 and 20.
[DeviceA] interface ten-gigabitethernet 1/0/5 [DeviceA-Ten-GigabitEthernet1/0/5] port private-vlan 10 20 trunk promiscuous [DeviceA-Ten-GigabitEthernet1/0/5] quit
# Assign the downlink port Ten-GigabitEthernet 1/0/1 to VLAN 22 and configure the port as a host port.
[DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] port access vlan 22 [DeviceA-Ten-GigabitEthernet1/0/1] port private-vlan host [DeviceA-Ten-GigabitEthernet1/0/1] quit
# Assign the downlink port Ten-GigabitEthernet 1/0/3 to VLAN 12 and configure the port as a host port.
[DeviceA] interface ten-gigabitethernet 1/0/3 [DeviceA-Ten-GigabitEthernet1/0/3] port access vlan 12 [DeviceA-Ten-GigabitEthernet1/0/3] port private-vlan host [DeviceA-Ten-GigabitEthernet1/0/3] quit
# Configure the downlink port Ten-GigabitEthernet 1/0/2 as a trunk secondary port in VLANs 11 and 21.
[DeviceA] interface ten-gigabitethernet 1/0/2 [DeviceA-Ten-GigabitEthernet1/0/2] port private-vlan 11 21 trunk secondary [DeviceA-Ten-GigabitEthernet1/0/2] quit
Configure Device B:
# Create VLANs 11 and 21.
<DeviceB> system-view [DeviceB] vlan 11 [DeviceB-vlan11] quit [DeviceB] vlan 21 [DeviceB-vlan21] quit
# Configure Ten-GigabitEthernet 1/0/2 as a hybrid port, and assign it to VLANs 11 and 21 as a tagged VLAN member.
[DeviceB] interface ten-gigabitethernet 1/0/2 [DeviceB-Ten-GigabitEthernet1/0/2] port link-type hybrid [DeviceB-Ten-GigabitEthernet1/0/2] port hybrid vlan 11 21 tagged [DeviceB-Ten-GigabitEthernet1/0/2] quit
# Assign the port Ten-GigabitEthernet 1/0/4 to VLAN 11.
[DeviceB] interface ten-gigabitethernet 1/0/4 [DeviceB-Ten-GigabitEthernet1/0/4] port access vlan 11 [DeviceB-Ten-GigabitEthernet1/0/4] quit
# Assign the port Ten-GigabitEthernet 1/0/3 to VLAN 21.
[DeviceB] interface ten-gigabitethernet 1/0/3 [DeviceB-Ten-GigabitEthernet1/0/3] port access vlan 21 [DeviceB-Ten-GigabitEthernet1/0/3] quit
Configure Device C:
# Create VLANs 10 and 20.
<DeviceC> system-view [DeviceC] vlan 10 [DeviceC-vlan10] quit [DeviceC] vlan 20 [DeviceC-vlan20] quit
# Configure Ten-GigabitEthernet1/0/5 as a hybrid port, and assign it to VLANs 10 and 20 as a tagged VLAN member.
[DeviceC] interface ten-gigabitethernet 1/0/5 [DeviceC-Ten-GigabitEthernet1/0/5] port link-type hybrid [DeviceC-Ten-GigabitEthernet1/0/5] port hybrid vlan 10 20 tagged [DeviceC-Ten-GigabitEthernet1/0/5] quit
Verifying the configuration
# Display the configuration of primary VLAN 10 on Device A.
[DeviceA] display private-vlan 10 Primary VLAN ID: 10 Secondary VLAN ID: 11-12 VLAN ID: 10 VLAN type: Static Private-vlan type: Primary Route interface: Not configured Description: VLAN 0010 Name: VLAN 0010 Tagged ports: Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/5 Untagged ports: Ten-GigabitEthernet1/0/3 VLAN ID: 11 VLAN type: Static Private-vlan type: Secondary Route interface: Not configured Description: VLAN 0011 Name: VLAN 0011 Tagged ports: Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/5 Untagged ports: None VLAN ID: 12 VLAN type: Static Private-vlan type: Secondary Route interface: Not configured Description: VLAN 0012 Name: VLAN 0012 Tagged ports: Ten-GigabitEthernet1/0/5 Untagged ports: Ten-GigabitEthernet1/0/3
The output shows that:
The trunk promiscuous port Ten-GigabitEthernet 1/0/5 is a tagged member of primary VLAN 10 and secondary VLANs 11 and 12.
The trunk secondary port Ten-GigabitEthernet 1/0/2 is a tagged member of primary VLAN 10 and secondary VLAN 11.
The host port Ten-GigabitEthernet 1/0/3 is an untagged member of primary VLAN 10 and secondary VLAN 12.
# Display the configuration of primary VLAN 20 on Device A.
[DeviceA] display private-vlan 20 Primary VLAN ID: 20 Secondary VLAN ID: 21-22 VLAN ID: 20 VLAN type: Static Private-vlan type: Primary Route interface: Not configured Description: VLAN 0020 Name: VLAN 0020 Tagged ports: Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/5 Untagged ports: Ten-GigabitEthernet1/0/1 VLAN ID: 21 VLAN type: Static Private-vlan type: Secondary Route interface: Not configured Description: VLAN 0021 Name: VLAN 0021 Tagged ports: Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/5 Untagged ports: None VLAN ID: 22 VLAN type: Static Private-vlan type: Secondary Route interface: Not configured Description: VLAN 0022 Name: VLAN 0022 Tagged ports: Ten-GigabitEthernet1/0/5 Untagged ports: Ten-GigabitEthernet1/0/1
The output shows that:
The trunk promiscuous port Ten-GigabitEthernet 1/0/5 is a tagged member of primary VLAN 20 and secondary VLANs 21 and 22.
The trunk secondary port Ten-GigabitEthernet 1/0/2 is a tagged member of primary VLAN 20 and secondary VLAN 21.
The host port Ten-GigabitEthernet 1/0/1 is an untagged member of primary VLAN 20 and secondary VLAN 22.