Secondary VLAN Layer 3 communication configuration example
Network requirements
As shown in Figure 51, configure the private VLAN feature to meet the following requirements:
Primary VLAN 10 on Device B is associated with secondary VLANs 2 and 3.
The uplink port Ten-GigabitEthernet 1/0/1 is in VLAN 10.
The IP address of VLAN-interface 10 is 192.168.1.1/24.
The ports Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 are in VLAN 2 and VLAN 3, respectively.
Secondary VLANs are isolated at Layer 2 but interoperable at Layer 3.
Figure 51: Network diagram
Configuration procedure
# Create VLAN 2 and VLAN 3.
<DeviceB> system-view
[DeviceB] vlan 2 to 3
# Configure VLAN 10 as a primary VLAN, and associate VLAN 2 and VLAN 3 with primary VLAN 10 as secondary VLANs.
[DeviceB] vlan 10
[DeviceB-vlan10] private-vlan primary
[DeviceB-vlan10] private-vlan secondary 2 3
[DeviceB-vlan10] quit
# Configure the uplink port Ten-GigabitEthernet 1/0/1 as a promiscuous port of VLAN 10.
[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] port private-vlan 10 promiscuous
[DeviceB-Ten-GigabitEthernet1/0/1] quit
# Assign the downlink port Ten-GigabitEthernet 1/0/2 to VLAN 2, and configure the port as a host port.
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] port access vlan 2
[DeviceB-Ten-GigabitEthernet1/0/2] port private-vlan host
[DeviceB-Ten-GigabitEthernet1/0/2] quit
# Assign the downlink port Ten-GigabitEthernet 1/0/3 to VLAN 3, and configure the port as a host port.
[DeviceB] interface ten-gigabitethernet 1/0/3
[DeviceB-Ten-GigabitEthernet1/0/3] port access vlan 3
[DeviceB-Ten-GigabitEthernet1/0/3] port private-vlan host
[DeviceB-Ten-GigabitEthernet1/0/3] quit
# Enable Layer 3 communication between secondary VLANs 2 and 3 that are associated with primary VLAN 10.
[DeviceB] interface vlan-interface 10
[DeviceB-Vlan-interface10] private-vlan secondary 2 3
# Assign the IP address 192.168.1.1/24 to VLAN-interface 10.
[DeviceB-Vlan-interface10] ip address 192.168.1.1 255.255.255.0
# Enable local proxy ARP on VLAN-interface 10.
[DeviceB-Vlan-interface10] local-proxy-arp enable
[DeviceB-Vlan-interface10] quit
Verifying the configuration
# Display the configuration of primary VLAN 10.
[DeviceB] display private-vlan 10
Primary VLAN ID: 10
Secondary-VLAN ID: 2-3

VLAN ID: 10
VLAN type: Static
Private VLAN type: Primary
Route interface: Configured
IPv4 address: 192.168.1.1
IPv4 subnet mask: 255.255.255.0
Description: VLAN 0010
Name: VLAN 0010
Tagged ports: None
Untagged ports:
    Ten-GigabitEthernet1/0/1
    Ten-GigabitEthernet1/0/2
    Ten-GigabitEthernet1/0/3

VLAN ID: 2
VLAN type: Static
Private VLAN type: Secondary
Route interface: Configured
IPv4 address: 192.168.1.1
IPv4 subnet mask: 255.255.255.0
Description: VLAN 0002
Name: VLAN 0002
Tagged ports: None
Untagged ports:
    Ten-GigabitEthernet1/0/1
    Ten-GigabitEthernet1/0/2

VLAN ID: 3
VLAN type: Static
Private VLAN type: Secondary
Route interface: Configured
IPv4 address: 192.168.1.1
IPv4 subnet mask: 255.255.255.0
Description: VLAN 0003
Name: VLAN 0003
Tagged ports: None
Untagged ports:
    Ten-GigabitEthernet1/0/1
    Ten-GigabitEthernet1/0/3
The Route interface field in the output is Configured, indicating that secondary VLANs 2 and 3 are interoperable at Layer 3.
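The verification above can be automated. The following is an added example, not part of the original document: it parses captured display private-vlan output and checks both stated requirements (secondary VLANs share no host port, and each has a route interface). The function names parse and audit and the sample text are constructed for illustration, and the parser assumes the field labels shown in the output above.

```python
from itertools import combinations
# Constructed sample in the layout of `display private-vlan 10` (some fields omitted).
SAMPLE = """\
Primary VLAN ID: 10
Secondary-VLAN ID: 2-3
VLAN ID: 10
Private VLAN type: Primary
Route interface: Configured
Untagged ports: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/3
VLAN ID: 2
Private VLAN type: Secondary
Route interface: Configured
Untagged ports: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2
VLAN ID: 3
Private VLAN type: Secondary
Route interface: Configured
Untagged ports: Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/3
"""

def parse(text):
    """Map VLAN ID -> {'type', 'route', 'ports'} from display private-vlan output."""
    vlans, cur, in_ports = {}, None, False
    for line in map(str.strip, text.splitlines()):
        key, sep, val = (p.strip() for p in line.partition(":"))
        if sep and key == "VLAN ID":          # start of a per-VLAN block
            cur = vlans.setdefault(int(val), {"type": "", "route": "", "ports": set()})
        elif cur is None or not line:         # summary header or blank line
            continue
        elif sep and key in ("Private VLAN type", "Route interface"):
            cur["type" if key.startswith("Private") else "route"] = val
        elif (sep and key == "Untagged ports") or (not sep and in_ports):
            # Ports may follow the label or wrap onto the following lines.
            cur["ports"].update(p for p in (val if sep else line).split() if p != "None")
        in_ports = key == "Untagged ports" if sep else in_ports
    return vlans

def audit(vlans, promiscuous):
    """Return findings; an empty list means the output meets the stated requirements."""
    out = []
    sec = {v: d for v, d in vlans.items() if d["type"] == "Secondary"}
    for v, d in sorted(sec.items()):
        if d["route"] != "Configured":
            out.append(f"VLAN {v}: no Layer 3 path (Route interface: {d['route']})")
        if promiscuous not in d["ports"]:
            out.append(f"VLAN {v}: promiscuous port {promiscuous} missing")
    for a, b in combinations(sorted(sec), 2):
        for p in sorted((sec[a]["ports"] & sec[b]["ports"]) - {promiscuous}):
            out.append(f"VLANs {a} and {b} share host port {p}: Layer 2 isolation broken")
    return out
```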