Implementation Notes; Configuring A Private Vlan - HP 9304m Installation And Getting Started Manual
Procurve routing switches
Hide thumbs
Also See for 9304m:
- Management and configuration manual (690 pages) ,
- Installation and configuration manual (504 pages) ,
- User manual (236 pages)
Table of Contents
Advertisement
By default, the private VLAN does not forward broadcast or unknown-unicast packets from outside sources into
the private VLAN. If needed, you can override this behavior for broadcast packets, unknown-unicast packets, or
both. (See "Enabling Broadcast or Unknown Unicast Traffic to the Private VLAN" on page 7-51.)
You can configure a combination of the following types of private VLANs:
•
Primary – The primary private VLAN ports are "promiscuous". They can communicate with all the isolated
private VLAN ports and community private VLAN ports in the isolated and community VLANs that are
mapped to the promiscuous port.
•
Isolated – The ports in the isolated private VLAN can communicate only with the ports in the primary private
VLAN. The isolated ports cannot communicate with each other, even in the same port-based VLAN.
•
Community – The community private VLAN ports can communicate with each other and with the primary
private VLAN ports.
Each private VLAN must have a primary VLAN. The primary VLAN is the interface between the secured ports and
the rest of the network. The private VLAN can have any combination of community and isolated VLANs. (See
"Configuration Rules" on page 7-50.)
Table 7.2 list the differences between private VLANs and standard VLANs.
Table 7.2: Comparison of Private VLANs and Standard Port-Based VLANs
Forwarding Behavior
All ports within a VLAN constitute
a common Layer broadcast
domain
Broadcasts and unknown
unicasts are forwarded to all the
VLAN's ports by default
Ports within the VLAN send and
receive unicast traffic among
themselves
Implementation Notes
•
The private VLAN implementation in the current release uses the CPU for forwarding packets on the primary
VLAN's "promiscuous" port. Other forwarding is performed in the hardware. Support for the hardware
forwarding in this feature sometimes results in multiple MAC address entries for the same MAC address in the
device's MAC address table. In this case, each of the entries is associated with a different VLAN. The
multiple entries are a normal aspect of the implementation of this feature and do not indicate a software
problem.
•
By default, the primary VLAN does not forward broadcast or unknown unicast packets into the private VLAN.
You also can use MAC address filters to control traffic forwarded into and out of the private VLAN.
Configuring a Private VLAN
To configure a private VLAN, configure each of the component VLANs (isolated, community, and public) as a
separate port-based VLAN.
•
Use standard VLAN configuration commands to create the VLAN and add ports.
•
Identify the type private VLAN type (isolated, community, or public)
•
For the primary VLAN, map the other private VLANs to the port(s) in the primary VLAN
Private VLANs
No
No
No (isolated private VLAN)
Yes (primary and community
private VLANs)
Configuring Virtual LANs (VLANs)
Standard VLANs
Yes
Yes
Yes
7 - 49
Advertisement
Table of Contents
