Trunk promiscuous and trunk secondary port configuration example

Network requirements

As shown in Figure 50, configure the private VLAN feature to meet the following requirements:

Figure 50: Network diagram

Configuration procedure

  1. Configure Device A:

    # Configure VLANs 10 and 20 as primary VLANs.

    <DeviceA> system-view
    [DeviceA] vlan 10
    [DeviceA-vlan10] private-vlan primary
    [DeviceA-vlan10] quit
    [DeviceA] vlan 20
    [DeviceA-vlan20] private-vlan primary
    [DeviceA-vlan20] quit
    

    # Create VLANs 11, 12, 21, and 22, which are to be configured as secondary VLANs.

    [DeviceA] vlan 11 to 12
    [DeviceA] vlan 21 to 22
    

    # Associate the secondary VLANs 11 and 12 with the primary VLAN 10.

    [DeviceA] vlan 10
    [DeviceA-vlan10] private-vlan secondary 11 12
    [DeviceA-vlan10] quit
    

    # Associate the secondary VLANs 21 and 22 with the primary VLAN 20.

    [DeviceA] vlan 20
    [DeviceA-vlan20] private-vlan secondary 21 22
    [DeviceA-vlan20] quit
    

    # Configure the uplink port Ten-GigabitEthernet 1/0/5 as a trunk promiscuous port of VLANs 10 and 20.

    [DeviceA] interface ten-gigabitethernet 1/0/5
    [DeviceA-Ten-GigabitEthernet1/0/5] port private-vlan 10 20 trunk promiscuous
    [DeviceA-Ten-GigabitEthernet1/0/5] quit
    

    # Assign the downlink port Ten-GigabitEthernet 1/0/1 to VLAN 22 and configure the port as a host port.

    [DeviceA] interface ten-gigabitethernet 1/0/1
    [DeviceA-Ten-GigabitEthernet1/0/1] port access vlan 22
    [DeviceA-Ten-GigabitEthernet1/0/1] port private-vlan host
    [DeviceA-Ten-GigabitEthernet1/0/1] quit
    

    # Assign the downlink port Ten-GigabitEthernet 1/0/3 to VLAN 12 and configure the port as a host port.

    [DeviceA] interface ten-gigabitethernet 1/0/3
    [DeviceA-Ten-GigabitEthernet1/0/3] port access vlan 12
    [DeviceA-Ten-GigabitEthernet1/0/3] port private-vlan host
    [DeviceA-Ten-GigabitEthernet1/0/3] quit
    

    # Configure the downlink port Ten-GigabitEthernet 1/0/2 as a trunk secondary port in VLANs 11 and 21.

    [DeviceA] interface ten-gigabitethernet 1/0/2
    [DeviceA-Ten-GigabitEthernet1/0/2] port private-vlan 11 21 trunk secondary
    [DeviceA-Ten-GigabitEthernet1/0/2] quit
    
  2. Configure Device B:

    # Create VLANs 11 and 21.

    <DeviceB> system-view
    [DeviceB] vlan 11
    [DeviceB-vlan11] quit
    [DeviceB] vlan 21
    [DeviceB-vlan21] quit
    

    # Configure Ten-GigabitEthernet 1/0/2 as a hybrid port, and assign it to VLANs 11 and 21 as a tagged VLAN member.

    [DeviceB] interface ten-gigabitethernet 1/0/2
    [DeviceB-Ten-GigabitEthernet1/0/2] port link-type hybrid
    [DeviceB-Ten-GigabitEthernet1/0/2] port hybrid vlan 11 21 tagged
    [DeviceB-Ten-GigabitEthernet1/0/2] quit
    

    # Assign the port Ten-GigabitEthernet 1/0/4 to VLAN 11.

    [DeviceB] interface ten-gigabitethernet 1/0/4
    [DeviceB-Ten-GigabitEthernet1/0/4] port access vlan 11
    [DeviceB-Ten-GigabitEthernet1/0/4] quit
    

    # Assign the port Ten-GigabitEthernet 1/0/3 to VLAN 21.

    [DeviceB] interface ten-gigabitethernet 1/0/3
    [DeviceB-Ten-GigabitEthernet1/0/3] port access vlan 21
    [DeviceB-Ten-GigabitEthernet1/0/3] quit
    
  3. Configure Device C:

    # Create VLANs 10 and 20.

    <DeviceC> system-view
    [DeviceC] vlan 10
    [DeviceC-vlan10] quit
    [DeviceC] vlan 20
    [DeviceC-vlan20] quit
    

    # Configure Ten-GigabitEthernet1/0/5 as a hybrid port, and assign it to VLANs 10 and 20 as a tagged VLAN member.

    [DeviceC] interface ten-gigabitethernet 1/0/5
    [DeviceC-Ten-GigabitEthernet1/0/5] port link-type hybrid
    [DeviceC-Ten-GigabitEthernet1/0/5] port hybrid vlan 10 20 tagged
    [DeviceC-Ten-GigabitEthernet1/0/5] quit
    

Verifying the configuration

# Display the configuration of primary VLAN 10 on Device A.

[DeviceA] display private-vlan 10
 Primary VLAN ID: 10
 Secondary VLAN ID: 11-12

 VLAN ID: 10
 VLAN type: Static
 Private-vlan type: Primary
 Route interface: Not configured
 Description: VLAN 0010
 Name: VLAN 0010
 Tagged   ports:
    Ten-GigabitEthernet1/0/2          Ten-GigabitEthernet1/0/5
 Untagged ports:
    Ten-GigabitEthernet1/0/3

 VLAN ID: 11
 VLAN type: Static
 Private-vlan type: Secondary
 Route interface: Not configured
 Description: VLAN 0011
 Name: VLAN 0011
 Tagged   ports:
    Ten-GigabitEthernet1/0/2          Ten-GigabitEthernet1/0/5
 Untagged ports: None

VLAN ID: 12
 VLAN type: Static
 Private-vlan type: Secondary
 Route interface: Not configured
 Description: VLAN 0012
 Name: VLAN 0012
 Tagged   ports:
    Ten-GigabitEthernet1/0/5
 Untagged ports:
    Ten-GigabitEthernet1/0/3

The output shows that:

# Display the configuration of primary VLAN 20 on Device A.

[DeviceA] display private-vlan 20
 Primary VLAN ID: 20
 Secondary VLAN ID: 21-22

 VLAN ID: 20
 VLAN type: Static
 Private-vlan type: Primary
 Route interface: Not configured
 Description: VLAN 0020
 Name: VLAN 0020
 Tagged   ports:
    Ten-GigabitEthernet1/0/2          Ten-GigabitEthernet1/0/5
 Untagged ports:
    Ten-GigabitEthernet1/0/1
  
 VLAN ID: 21
 VLAN type: Static
 Private-vlan type: Secondary
 Route interface: Not configured
 Description: VLAN 0021
 Name: VLAN 0021
 Tagged   ports:
    Ten-GigabitEthernet1/0/2          Ten-GigabitEthernet1/0/5
 Untagged ports: None

 VLAN ID: 22
 VLAN type: Static
 Private-vlan type: Secondary
 Route interface: Not configured
 Description: VLAN 0022
 Name: VLAN 0022
 Tagged   ports:
    Ten-GigabitEthernet1/0/5
 Untagged ports:
    Ten-GigabitEthernet1/0/1

The output shows that: