The Private VLAN feature has the following limitations:
Requires more FDB entries than a standard VLAN.
Within the same VR, VLAN tag duplication is not allowed.
Within the same VR, VLAN name duplication is not allowed.
Each MAC address learned in a PVLAN must be unique. A MAC address cannot exist in two or more VLANs that belong to the same PVLAN.
MVR cannot be configured on PVLANs.
A VMAN cannot be added to a PVLAN.
A PBB network (BVLAN) cannot be added to a PVLAN.
EAPS control VLANs cannot be either subscriber or network VLANs.
EAPS can only be configured on network VLAN ports (and not on subscriber VLAN ports). To support EAPS on the network VLAN, you must add all of the VLANs in the PVLAN to the EAPS ring.
STP can only be configured on network VLAN ports (and not on subscriber VLAN ports). To support STP on the network VLAN, you must add all of the VLANs in the PVLAN to STP.
ESRP can only be configured on network VLAN ports (and not on subscriber VLAN ports). To support ESRP on the network VLAN, you must add all of the VLANs in the PVLAN to ESRP.
There is no NetLogin support to add ports as translate to the network VLAN, but the rest of NetLogin and the PVLAN features do not conflict.
IGMP snooping is performed across the entire PVLAN, spanning all the subscriber VLANs, following the PVLAN rules. For VLANs that are not part of a PVLAN, IGMP snooping operates as normal.
PVLAN and VPLS are not supported on the same VLAN.
When two switches are part of the same PVLAN, unicast and multicast traffic require a tagged trunk between them that preserves tags (no tag translation).
Subscriber VLANs in a PVLAN cannot exchange multicast data with VLANs outside the PVLAN and with other PVLANs. However, the network VLAN can exchange multicast data with VLANs outside the PVLAN and with network VLANs in other PVLANs.
Note
A maximum of 80% of 4K VLANs can be added to a PVLAN. Adding more VLANS will display the following log error:<Erro:HAL.VLAN.Error>Slot-<slot>: Failed to add egress vlan translation entry on port <port> due to “Table full”.
Note
There is a limit to the number of unique source MAC addresses on the network VLAN of a PVLAN that the switch can manage. It is advised not to exceed the value shown in the item “FDB (maximum L2 entries)” in the Supported Limits table of the ExtremeXOS Installation and Release Notes.