PVLAN Limitations
The Private VLAN feature has the following
limitations:
- Requires more FDB entries than a standard
VLAN.
- VLAN tag duplication is not allowed.
- VLAN name duplication is not allowed.
- Each MAC address learned in a PVLAN must be unique. A MAC address
cannot exist in two or more VLANs that belong to the same PVLAN.
- MVR cannot be configured on PVLANs.
- A VMAN cannot be added to a PVLAN.
- A PBB network (BVLAN) cannot be added to a PVLAN.
- EAPS control VLANs cannot be either
subscriber or network VLANs.
- For PVLAN with STP implementation,
irrespective of port translation configuration in the Network VLAN, it is recommended to add
both the Network VLAN and all subscriber VLANs to the STP.
- For PVLAN with EAPS implementation, irrespective of port translation
configuration in the Network VLAN, it is recommended to add both the Network VLAN and all
subscriber VLANs to the EAPS ring.
- ESRP can only be configured on network
VLAN ports (and not on subscriber VLAN ports). To support ESRP on the network VLAN, you must
add all of the VLANs in the PVLAN to ESRP.
- There is no NetLogin support to add ports
as translate to the network VLAN, but the rest of NetLogin and the PVLAN features do not
conflict.
- IGMP snooping is performed across the
entire PVLAN, spanning all the subscriber VLANs, following the PVLAN rules. For VLANs that
are not part of a PVLAN, IGMP snooping operates as normal.
- PVLAN and VPLS are not supported on the same VLAN.
- When two switches are part of the same PVLAN, unicast and multicast
traffic require a tagged trunk between them that preserves tags (no tag translation).
- Subscriber VLANs in a PVLAN cannot exchange multicast data with VLANs
outside the PVLAN and with other PVLANs. However, the network VLAN can exchange multicast
data with VLANs outside the PVLAN and with network VLANs in other PVLANs.
- PVLAN does not support IPv6.
Note
A maximum of 80% of 4K VLANs can be added to a PVLAN.
Adding more VLANS will display the following log error:
<Erro:HAL.VLAN.Error>Slot-<slot>: Failed to add egress vlan translation entry on port <port> due to “Table full”.
If two or more member VLANs have overlapping ports (where the same ports
are assigned to both VLANs), each additional VLAN member with overlapping ports must have a
dedicated loopback port. To state it another way, one of the VLAN members with overlapping
ports does not require a dedicated loopback port, and the rest of the VLAN members do require
a single, dedicated loopback port within each member VLAN.
Note
There is a limit to the number of unique source MAC
addresses on the network VLAN of a PVLAN that the switch can manage. It is advised not to
exceed the value shown in the item “FDB (maximum L2 entries)” in the Supported Limits table of
the
ExtremeXOS Release Notes.