PVLAN Limitations
  
  
    The Private VLAN feature has the following
      limitations:
    
      - Requires more FDB entries than a standard
        VLAN.
- VLAN tag duplication is not allowed.
- VLAN name duplication is not allowed.
- Each MAC address learned in a PVLAN must be unique. A MAC address
        cannot exist in two or more VLANs that belong to the same PVLAN.
- MVR cannot be configured on PVLANs.
- A VMAN cannot be added to a PVLAN.
- A PBB network (BVLAN) cannot be added to a PVLAN.
- EAPS control VLANs cannot be either
        subscriber or network VLANs.
- For PVLAN with STP implementation,
        irrespective of port translation configuration in the Network VLAN, it is recommended to add
        both the Network VLAN and all subscriber VLANs to the STP.
- For PVLAN with EAPS implementation, irrespective of port translation
        configuration in the Network VLAN, it is recommended to add both the Network VLAN and all
        subscriber VLANs to the EAPS ring.
- ESRP can only be configured on network
        VLAN ports (and not on subscriber VLAN ports). To support ESRP on the network VLAN, you must
        add all of the VLANs in the PVLAN to ESRP.
- There is no NetLogin support to add ports
        as translate to the network VLAN, but the rest of NetLogin and the PVLAN features do not
        conflict.
- IGMP snooping is performed across the
        entire PVLAN, spanning all the subscriber VLANs, following the PVLAN rules. For VLANs that
        are not part of a PVLAN, IGMP snooping operates as normal.
- PVLAN and VPLS are not supported on the same VLAN.
- When two switches are part of the same PVLAN, unicast and multicast
        traffic require a tagged trunk between them that preserves tags (no tag translation).
- Subscriber VLANs in a PVLAN cannot exchange multicast data with VLANs
        outside the PVLAN and with other PVLANs. However, the network VLAN can exchange multicast
        data with VLANs outside the PVLAN and with network VLANs in other PVLANs.
- PVLAN does not support IPv6.
- DHCP does not work on subscriber VLANs because an IP address can not be assigned to the
        subscriber VLAN. 

Note   
A maximum of 80% of 4K VLANs can be added to a PVLAN.
      Adding more VLANS will display the following log error:
      
<Erro:HAL.VLAN.Error>Slot-<slot>: Failed to add egress vlan translation entry on port <port> due to “Table full”.
If two or more member VLANs have overlapping ports (where the same ports
      are assigned to both VLANs), each additional VLAN member with overlapping ports must have a
      dedicated loopback port. To state it another way, one of the VLAN members with overlapping
      ports does not require a dedicated loopback port, and the rest of the VLAN members do require
      a single, dedicated loopback port within each member VLAN. 
    
Note   
There is a limit to the number of unique source MAC
      addresses on the network VLAN of a PVLAN that the switch can manage. It is advised not to
      exceed the value shown in the item “FDB (maximum L2 entries)” in the Supported Limits table of
      the 
ExtremeXOS Release Notes.