HP 9304m Installation And Getting Started Manual page 247

Installation and Getting Started Guide
Configuration Rules
• You can use 10/100 and Gigabit Ethernet ports in a private VLAN.
• You cannot configure any of the ports in a private VLAN to be members of a trunk group.
• You cannot share a port between a private VLAN and a standard port-based VLAN or protocol VLAN. You
can configure private VLANs and standard port-based VLANs and protocol VLANs on the same device, but a
port cannot be a member of both a private VLAN and a port-based VLAN or protocol VLAN.
NOTE: Although a private VLAN resides within a port-based VLAN, the VLAN is considered to be
exclusively a private VLAN, not a port-based VLAN.
• You cannot use the private VLAN feature and the dual-mode VLAN port feature on the same device.
• The Spanning Tree Protocol (STP) is independent of this feature, and can be enabled or disabled in the
individual port-based VLANs. However, private VLANs are not supported with single-instance STP ("single
span").
• You can configure only one private VLAN within a given port-based VLAN. Thus, you must configure a
separate port-based VLAN for each private VLAN.
• Each private VLAN can have only one primary VLAN.
• Each private VLAN can have multiple isolated or community VLANs. You can use any combination of isolated
or community VLANs with the primary VLAN. You do not need to use both isolated and community VLANs in
the private VLAN.
• You can configure the primary VLAN before or after you configure the community or isolated VLANs. You are
not required to configure a specific type of private VLAN before you can configure the other types.
• The ports in all three types of private VLANs can be tagged or untagged.
NOTE: If the port in the primary VLAN is tagged, you must add the port as a tagged port to each of the
isolated and community VLANs. If the port in the primary VLAN is untagged, you do not need to add the port
to the isolated and community VLANs.
• The primary VLAN has only one active port. The primary VLAN can have more than one port, but only the
lowest-numbered available port is active. The other ports provide redundancy.
• You cannot configure the default VLAN (VLAN 1) as a private VLAN.
Configuring an Isolated or Community Private VLAN
To configure an isolated or a community private VLAN, use the following CLI methods.
USING THE CLI
To configure a community private VLAN, enter commands such as the following:
HP9300(config)# vlan 901
HP9300(config-vlan-901)# tagged ethernet 3/5 to 3/6
HP9300(config-vlan-901)# pvlan type community
These commands create port-based VLAN 901, add ports 3/5 and 3/6 to the VLAN as tagged ports, then specify
that the VLAN is a community private VLAN.
Syntax: tagged ethernet <portnum> [to <portnum> | ethernet <portnum>]
Syntax: [no] pvlan type community | isolated | primary
The tagged or untagged command adds the ports to the VLAN. For syntax information and more examples, see
the "Configuring Virtual LANs (VLANs)" chapter of the Installation and Getting Started Guide .
The pvlan type command specifies that this port-based VLAN is a private VLAN.
• community – specifies that the VLAN is a community private VLAN. The ports can communicate with the
7 - 50