HP ProCurve 9304M Installation And Configuration Manual page 389
Routing switches
Hide thumbs
Also See for ProCurve 9304M:
- Management and configuration manual (690 pages) ,
- Installation and getting started manual (348 pages) ,
- User manual (236 pages)
Table of Contents
Advertisement
•
You cannot share a port between a private VLAN and a standard port-based VLAN or protocol VLAN. You
can configure private VLANs and standard port-based VLANs and protocol VLANs on the same device, but a
port cannot be a member of both a private VLAN and a port-based VLAN or protocol VLAN.
NOTE: Although a private VLAN resides within a port-based VLAN, the VLAN is considered to be
exclusively a private VLAN, not a port-based VLAN.
•
You cannot use the private VLAN feature and the dual-mode VLAN port feature on the same device.
•
The Spanning Tree Protocol (STP) is independent of this feature, and can be enabled or disabled in the
individual port-based VLANs. However, private VLANs are not supported with single-instance STP ("single
span").
•
You can configure only one private VLAN within a given port-based VLAN. Thus, you must configure a
separate port-based VLAN for each private VLAN.
•
Each private VLAN can have only one primary VLAN.
•
Each private VLAN can have multiple isolated or community VLANs. You can use any combination of
isolated or community VLANs with the primary VLAN. You do not need to use both isolated and community
VLANs in the private VLAN.
•
You can configure the primary VLAN before or after you configure the community or isolated VLANs. You are
not required to configure a specific type of private VLAN before you can configure the other types.
•
The ports in all three types of private VLANs can be tagged or untagged.
NOTE: If the port in the primary VLAN is tagged, you must add the port as a tagged port to each of the
isolated and community VLANs. If the port in the primary VLAN is untagged, you do not need to add the port
to the isolated and community VLANs.
•
The primary VLAN has only one active port. The primary VLAN can have more than one port, but only the
lowest-numbered available port is active. The other ports provide redundancy.
•
You cannot configure the default VLAN (VLAN 1) as a private VLAN.
Configuring an Isolated or Community Private VLAN
To configure an isolated or a community private VLAN, use the following CLI methods.
USING THE CLI
To configure a community private VLAN, enter commands such as the following:
HP9300(config)# vlan 901
HP9300(config-vlan-901)# tagged ethernet 3/5 to 3/6
HP9300(config-vlan-901)# pvlan type community
These commands create port-based VLAN 901, add ports 3/5 and 3/6 to the VLAN as tagged ports, then specify
that the VLAN is a community private VLAN.
Syntax: tagged ethernet <portnum> [to <portnum> | ethernet <portnum>]
Syntax: [no] pvlan type community | isolated | primary
The tagged or untagged command adds the ports to the VLAN.
The pvlan type command specifies that this port-based VLAN is a private VLAN.
•
community – Broadcasts and unknown unicasts received on community ports are sent to the primary port
and also are flooded to the other ports in the community VLAN.
•
isolated – Broadcasts and unknown unicasts received on isolated ports are sent only to the primary port.
They are not flooded to other ports in the isolated VLAN.
•
primary – The primary private VLAN ports are "promiscuous". They can communicate with all the isolated
private VLAN ports and community private VLAN ports in the isolated and community VLANs that are
Configuring Virtual LANs (VLANs)
11 - 51
Advertisement
Chapters
Table of Contents
Troubleshooting
