Enabling Broadcast Or Unknown Unicast Traffic To The Private Vlan - HP ProCurve 9304M Installation And Configuration Manual

Routing switches

Installation and Basic Configuration Guide
mapped to the promiscuous port.
Configuring the Primary VLAN
Use the following CLI method to configure the primary VLAN.
NOTE: The primary private VLAN has only one active port. If you configure the VLAN to have more than one
port, the lowest-numbered port is the active one. The additional ports provide redundancy. If the active port
becomes unavailable, the lowest-numbered available port becomes the active port for the VLAN.
USING THE CLI
To configure a primary private VLAN, enter commands such as the following:
HP9300(config)# vlan 7
HP9300(config-vlan-7)# untagged ethernet 3/2
HP9300(config-vlan-7)# pvlan type primary
HP9300(config-vlan-7)# pvlan mapping 901 ethernet 3/2
These commands create port-based VLAN 7, add port 3/2 as an untagged port, identify the VLAN as the primary
VLAN in a private VLAN, and map the other private VLANs to the port(s) in this VLAN.
Syntax: untagged ethernet <portnum> [to <portnum> | ethernet <portnum>]
Syntax: [no] pvlan type community | isolated | primary
Syntax: [no] pvlan mapping <vlan-id> ethernet <portnum>
The tagged or untagged command adds the port(s) to the VLAN.
NOTE: You can add the port as a tagged port if needed. If you add the port as a tagged port, you must also add
the port as a tagged port to the isolated and community VLANs. See "CLI Example for Figure 11.18" on page 11-53.
The pvlan type command specifies that this port-based VLAN is a private VLAN. Specify primary as the type.
The pvlan mapping command identifies the other private VLANs for which this VLAN is the primary. The
command also specifies the primary VLAN ports to which you are mapping the other private VLANs.
The <vlan-id> parameter specifies another private VLAN. The other private VLAN you want to specify must
already be configured.
The ethernet <portnum> parameter specifies the primary VLAN port to which you are mapping all the ports in
the other private VLAN (the one specified by <vlan-id>).
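The rules above can be checked before a configuration is applied. The following Python sketch is an added example, not part of the HP manual: it reads CLI-style VLAN stanzas in order and reports any pvlan mapping whose <vlan-id> is not an already configured community or isolated VLAN, or whose port is not a port of the VLAN being configured. The function names audit and active_port, VLAN 902 and 903, and the sample port assignments are assumptions; only a single port or a same-slot "to" range is parsed.

```python
import re

# Constructed sample (not from the manual); the last two mappings are deliberately wrong.
SAMPLE = """\
vlan 901
 untagged ethernet 3/5 to 3/6
 pvlan type community
vlan 902
 untagged ethernet 3/9 to 3/10
 pvlan type isolated
vlan 7
 untagged ethernet 3/2
 pvlan type primary
 pvlan mapping 901 ethernet 3/2
 pvlan mapping 902 ethernet 3/4
 pvlan mapping 903 ethernet 3/2
"""

PORTS = re.compile(r"(?:un)?tagged ethernet (\d+)/(\d+)(?: to (\d+)/(\d+))?$")
TYPE = re.compile(r"pvlan type (community|isolated|primary)$")
MAPPING = re.compile(r"pvlan mapping (\d+) ethernet (\d+)/(\d+)$")

def audit(config):
    """Read VLAN stanzas in order; return (vlans, findings)."""
    vlans, findings, vid = {}, [], None
    for raw in config.splitlines():
        line = re.sub(r"^\S+\(config[^)]*\)#\s*", "", raw.strip())  # drop a CLI prompt
        if m := re.match(r"vlan (\d+)$", line):
            vlans.setdefault(vid := int(m[1]), {"type": None, "ports": set()})
        elif vid is None:
            continue
        elif m := PORTS.match(line):
            slot, lo, hi = int(m[1]), int(m[2]), int(m[4] or m[2])
            vlans[vid]["ports"] |= {(slot, p) for p in range(lo, hi + 1)}
        elif m := TYPE.match(line):
            vlans[vid]["type"] = m[1]
        elif m := MAPPING.match(line):
            target, port = int(m[1]), (int(m[2]), int(m[3]))
            # The mapped VLAN must exist as a private VLAN before this command.
            if vlans.get(target, {}).get("type") not in ("community", "isolated"):
                findings.append(f"vlan {vid}: VLAN {target} is not an already configured community or isolated VLAN")
            if port not in vlans[vid]["ports"]:
                findings.append(f"vlan {vid}: ethernet {port[0]}/{port[1]} is not a port of this VLAN")
    return vlans, findings

def active_port(vlans, vid):
    return min(vlans[vid]["ports"], default=None)  # slot-then-port order is an assumption

if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```

Run against the four commands shown earlier on their own, the check reports VLAN 901 as not yet configured, which is the ordering requirement stated for <vlan-id>.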

Enabling Broadcast or Unknown Unicast Traffic to the Private VLAN

To enhance private VLAN security, the primary private VLAN does not forward broadcast or unknown unicast
packets to its community and isolated VLANs. For example, if port 3/2 in Figure 11.18 on page 11-49 receives a
broadcast packet from the firewall, the port does not forward the packet to the other private VLAN ports (3/5, 3/6,
3/9, and 3/10).
This forwarding restriction does not apply to traffic from the private VLAN. The primary port does forward
broadcast and unknown unicast packets that are received from the isolated and community VLANs. For example,
if the host on port 3/9 sends an unknown unicast packet, port 3/2 forwards the packet to the firewall.
To remove the forwarding restriction, you can enable the primary port to forward broadcast or unknown
unicast traffic using the following CLI method. You can enable or disable forwarding of broadcast or
unknown unicast packets separately.
NOTE: You also can use MAC address filters to control the traffic forwarded into and out of the private VLAN.