Private VLAN Configuration Example

The Secondary VLAN Configuration figure shows a private VLAN configuration example. VLAN 100 and VLAN 200 are VLANs configured on the 100.1.1.1/24 network. In this example, VLAN 100 is the primary VLAN with members Server 1 and Server 2. VLAN 200 is the secondary VLAN with members Client 1 and Client 2.

Primary VLAN members are configured on ports ge.1.1-2, which are on the egress lists of both VLAN 100 and VLAN 200. Private VLAN members are configured on secondary VLAN ports ge.1.3-4; these ports are on the egress list of VLAN 100 only, so frames from a private VLAN member egress only on the primary VLAN ports. Both the primary VLAN and the secondary VLAN are configured with the same constraint set ID of 100, which means they share the same filtering database (FID 100). The routing interface is VLAN 100. The secondary VLAN is configured within the routing interface VLAN 100 configuration mode.

Figure: Secondary VLAN Configuration

To configure this example:

  1. Create the static primary (VLAN 100) and secondary (VLAN 200) VLANs
  2. Assign ports ge.1.1-2 to the primary VLAN
  3. Assign ports ge.1.3-4 to the secondary VLAN
  4. Configure VLAN 200 as a private VLAN by:
    • Setting egress for VLAN 100 for all ports
    • Setting egress for VLAN 200 only on primary VLAN ports ge.1.1-2
  5. Set the VLAN constraint to shared for each VLAN with a constraint set ID of 100
  6. Configure the primary interface with a primary IP address of 100.1.1.1/24 and a secondary VLAN of 200

System(rw)->set vlan name 100 PrimaryVlan
System(rw)->set vlan name 200 SecondaryVlan
System(rw)->set port vlan ge.1.1-2 100
System(rw)->set port vlan ge.1.3-4 200
System(rw)->set vlan egress 100 ge.1.1-4 untagged
System(rw)->set vlan egress 200 ge.1.1-2 untagged
System(rw)->set vlan constraint 100 100 shared
System(rw)->set vlan constraint 200 100 shared
System(rw)->configure
System(rw-config)->interface vlan 100
System(rw-config-intf-vlan.0.100)->ip address 100.1.1.1/24 primary
System(rw-config-intf-vlan.0.100)->secondary-vlan 200
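
The following check is an added example, not part of the original documentation or vendor tooling. It parses the port, egress and constraint commands from the listing above and confirms that the secondary VLAN ports cannot reach each other and that both VLANs share one FID. It assumes a simplified forwarding model in which an untagged frame is classified to its ingress port's VLAN and may leave only on ports in that VLAN's egress list; the function names are hypothetical.

```python
import re

# Commands copied from the page's configuration listing.
CONFIG = """\
set port vlan ge.1.1-2 100
set port vlan ge.1.3-4 200
set vlan egress 100 ge.1.1-4 untagged
set vlan egress 200 ge.1.1-2 untagged
set vlan constraint 100 100 shared
set vlan constraint 200 100 shared
"""

def expand(port_range):
    """Expand 'ge.1.1-4' into ['ge.1.1', ..., 'ge.1.4'] (single-slot ranges only)."""
    m = re.fullmatch(r"(\w+\.\d+\.)(\d+)(?:-(\d+))?", port_range)
    if not m:
        raise ValueError(f"unsupported port string: {port_range}")
    first, last = int(m.group(2)), int(m.group(3) or m.group(2))
    return [f"{m.group(1)}{n}" for n in range(first, last + 1)]

def parse(config):
    """Return (VLAN per ingress port, egress port set per VLAN, FID per VLAN)."""
    pvid, egress, fid = {}, {}, {}
    for line in config.splitlines():
        words = line.split("->")[-1].split()  # tolerate a 'System(rw)->' prompt
        if words[:3] == ["set", "port", "vlan"]:
            for port in expand(words[3]):
                pvid[port] = int(words[4])
        elif words[:3] == ["set", "vlan", "egress"]:
            egress.setdefault(int(words[3]), set()).update(expand(words[4]))
        elif words[:3] == ["set", "vlan", "constraint"]:
            fid[int(words[3])] = int(words[4])
    return pvid, egress, fid

def reachable(pvid, egress):
    """Map each ingress port to the ports its untagged frames may egress on (assumed model)."""
    return {src: sorted(egress.get(vlan, set()) - {src}) for src, vlan in pvid.items()}

def audit(config, secondary_vlan):
    """Return (secondary-port pairs that can reach each other, True if all VLANs share one FID)."""
    pvid, egress, fid = parse(config)
    reach = reachable(pvid, egress)
    private = {p for p, v in pvid.items() if v == secondary_vlan}
    leaks = [(s, d) for s in sorted(private) for d in reach[s] if d in private]
    return leaks, len(set(fid.values())) == 1

if __name__ == "__main__":
    print(audit(CONFIG, 200))
```

An empty leak list means no client port appears on the egress list of the VLAN that client frames are classified to; widening the VLAN 200 egress list to ge.1.1-4 makes the check report ge.1.3 and ge.1.4 as mutually reachable.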