Secondary VLAN Layer 3 communication configuration example

Network requirements

As shown in Figure 51, configure the private VLAN feature to meet the following requirements:

Figure 51: Network diagram

Configuration procedure

# Create VLAN 2 and VLAN 3.

<DeviceB> system-view
[DeviceB] vlan 2 to 3

# Configure VLAN 10 as a primary VLAN, and associate VLAN 2 and VLAN 3 with primary VLAN 10 as secondary VLANs.

[DeviceB] vlan 10
[DeviceB-vlan10] private-vlan primary
[DeviceB-vlan10] private-vlan secondary 2 3
[DeviceB-vlan10] quit

# Configure the uplink port Ten-GigabitEthernet 1/0/1 as a promiscuous port of VLAN 10.

[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] port private-vlan 10 promiscuous
[DeviceB-Ten-GigabitEthernet1/0/1] quit

# Assign the downlink port Ten-GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port.

[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] port access vlan 2
[DeviceB-Ten-GigabitEthernet1/0/2] port private-vlan host
[DeviceB-Ten-GigabitEthernet1/0/2] quit

# Assign the downlink port Ten-GigabitEthernet 1/0/3 to VLAN 3, and configure the port as a host port.

[DeviceB] interface ten-gigabitethernet 1/0/3
[DeviceB-Ten-GigabitEthernet1/0/3] port access vlan 3
[DeviceB-Ten-GigabitEthernet1/0/3] port private-vlan host
[DeviceB-Ten-GigabitEthernet1/0/3] quit

# Enable Layer 3 communication between secondary VLANs 2 and 3 that are associated with primary VLAN 10.

[DeviceB] interface vlan-interface 10
[DeviceB-Vlan-interface10] private-vlan secondary 2 3

# Assign the IP address 192.168.1.1/24 to VLAN-interface 10.

[DeviceB-Vlan-interface10] ip address 192.168.1.1 255.255.255.0

# Enable local proxy ARP on VLAN-interface 10.

[DeviceB-Vlan-interface10] local-proxy-arp enable
[DeviceB-Vlan-interface10] quit

Verifying the configuration

# Display the configuration of primary VLAN 10.

[DeviceB] display private-vlan 10
 Primary VLAN ID: 10
 Secondary-VLAN ID: 2-3

 VLAN ID: 10
 VLAN type: Static
 Private VLAN type: Primary
 Route interface: Configured
 IPv4 address: 192.168.1.1
 IPv4 subnet mask: 255.255.255.0
 Description: VLAN 0010
 Name: VLAN 0010
 Tagged   ports: None
 Untagged ports: 
    Ten-GigabitEthernet1/0/1
    Ten-GigabitEthernet1/0/2
    Ten-GigabitEthernet1/0/3
 VLAN ID: 2
 VLAN type: Static
 Private VLAN type: Secondary
 Route interface: Configured
 IPv4 address: 192.168.1.1
 IPv4 subnet mask: 255.255.255.0
 Description: VLAN 0002
 Name: VLAN 0002
 Tagged   ports: None
 Untagged ports:
    Ten-GigabitEthernet1/0/1            Ten-GigabitEthernet1/0/2

 VLAN ID: 3
 VLAN type: Static
 Private VLAN type: Secondary
 Route interface: Configured
 IPv4 address: 192.168.1.1
 IPv4 subnet mask: 255.255.255.0
 Description: VLAN 0003
 Name: VLAN 0003
 Tagged   ports: None
 Untagged ports:
    Ten-GigabitEthernet1/0/1            Ten-GigabitEthernet1/0/3

The Route interface field in the output is Configured, indicating that secondary VLANs 2 and 3 are interoperable at Layer 3.