Implementation Notes; Configuring A Private Vlan - HP ProCurve 9304M Installation And Configuration Manual
Routing switches
Hide thumbs
Also See for ProCurve 9304M:
- Management and configuration manual (690 pages) ,
- Installation and getting started manual (348 pages) ,
- User manual (236 pages)
Table of Contents
Advertisement
Installation and Basic Configuration Guide
By default, the private VLAN does not forward broadcast or unknown-unicast packets from outside sources into
the private VLAN. If needed, you can override this behavior for broadcast packets, unknown-unicast packets, or
both. (See "Enabling Broadcast or Unknown Unicast Traffic to the Private VLAN" on page 11-52.)
You can configure a combination of the following types of private VLANs:
•
Primary – The primary private VLAN ports are "promiscuous". They can communicate with all the isolated
private VLAN ports and community private VLAN ports in the isolated and community VLANs that are
mapped to the promiscuous port.
•
Isolated – Broadcasts and unknown unicasts received on isolated ports are sent only to the primary port.
They are not flooded to other ports in the isolated VLAN.
•
Community – Broadcasts and unknown unicasts received on community ports are sent to the primary port
and also are flooded to the other ports in the community VLAN.
Each private VLAN must have a primary VLAN. The primary VLAN is the interface between the secured ports and
the rest of the network. The private VLAN can have any combination of community and isolated VLANs. (See
"Configuration Rules" on page 11-50.)
Table 11.2 list the differences between private VLANs and standard VLANs.
Table 11.2: Comparison of Private VLANs and Standard Port-Based VLANs
Forwarding Behavior
All ports within a VLAN constitute
a common Layer broadcast
domain
Broadcasts and unknown
unicasts are forwarded to all the
VLAN's ports by default
Known unicasts
Implementation Notes
•
The private VLAN implementation in the current release uses the CPU for forwarding packets on the primary
VLAN's "promiscuous" port. Other forwarding is performed in the hardware. Support for the hardware
forwarding in this feature sometimes results in multiple MAC address entries for the same MAC address in
the device's MAC address table. In this case, each of the entries is associated with a different VLAN. The
multiple entries are a normal aspect of the implementation of this feature and do not indicate a software
problem.
•
By default, the primary VLAN does not forward broadcast or unknown unicast packets into the private VLAN.
You also can use MAC address filters to control traffic forwarded into and out of the private VLAN.
Configuring a Private VLAN
To configure a private VLAN, configure each of the component VLANs (isolated, community, and public) as a
separate port-based VLAN.
•
Use standard VLAN configuration commands to create the VLAN and add ports.
•
Identify the type private VLAN type (isolated, community, or public)
•
For the primary VLAN, map the other private VLANs to the port(s) in the primary VLAN
Configuration Rules
•
You can use 10/100 and Gigabit Ethernet ports in a private VLAN.
•
You cannot configure any of the ports in a private VLAN to be members of a trunk group.
11 - 50
Private VLANs
No
No (isolated VLAN)
Yes (community VLAN)
Yes
Standard VLANs
Yes
Yes
Yes
Advertisement
Chapters
Table of Contents
Troubleshooting
