Packets from different Secondary VLANs can be forwarded to the uplink device via
promiscuous port and carry no corresponding Secondary VLAN information.
Packets from Primary VLANs can be sent to end users via host port and carry no Primary
VLAN information.
Private VLAN is designed to save VLAN resource by means of Port configuration synchronization
among the MAC address tables of VLANs and MAC address duplication. To achieve these
requirements described above, the following two aspects are required:
1) Create Private VLAN: A Private VLAN includes one Primary VLAN and one Secondary VLAN,
the PVID of the promiscuous port is equal to the Primary VLAN ID and the PVID of the host
port is the same as the corresponding Secondary VLAN ID, moreover, the egress rule of all
ports is untag by default, that is, only those untagged packets can be forwarded, but you can
modify the egress rule on VLAN→802.1Q VLAN→VLAN Config page.
2) Port configuration and MAC address duplication should be synchronized on the switch. Port
configuration synchronization is completed in the whole configuration progress and MAC
address duplication is implemented while FDB is changing.
Port configuration synchronization: when configuring promiscuous and host ports for a
Private VLAN, the system will automatically add the promiscuous port and the host port
synchronously to the corresponding Primary VLAN and Secondary VLAN. Through port
configuration synchronization, the promiscuous port forwards the packets from the Primary
VLAN as well as from all the Primary VLAN-associated Secondary VLANs; the host port
forwards the packets from the Primary VLAN and the Secondary VLAN owning this host port.
Here we take a Private VLAN to illustrate port configuration synchronization. As shown in
the figure below, Port2, Port3 and Port5 belong to VLAN 2, VLAN 3 and VLAN 5
respectively. Configure VLAN 2 and VLAN 3 as Secondary VLANs, and VLAN5 as Primary
VLAN. After this configuration is completed, the settings of these ports are changed as
shown in Table 6-5.
Figure 6-15
Port PVID Allowed VLANs
83