177 
3.  Associate the secondary VLANs with the primary VLAN. 
4.  Configure the uplink and downlink ports: 
{  Configure the uplink port (for example, the port connecting L2 Device B to L3 Device A 
in Figure 58):
 
−  When the port allows only one primary VLAN, configure the port as a promiscuous port 
of the primary VLAN. The promiscuous port can be automatically assigned to the 
primary VLAN and its associated secondary VLANs. 
−  When the port allows multiple primary VLANs, configure the port as a trunk promiscuous 
port of the primary VLANs. The trunk promiscuous port can be automatically assigned to 
the primary VLANs and their associated secondary VLANs. 
{  Configure a downlink port (for example, the port connecting L2 Device B to a host in Figure 
58) as a host port. The host port can be automatically assigned to the secondary VLAN and 
its associated primary VLAN. 
{  If a downlink port allows multiple secondary VLANs, configure the port as a trunk secondary 
port. The trunk secondary port can be automatically assigned to the secondary VLANs and 
their associated primary VLANs. 
For more information about promiscuous, trunk promiscuous, host, and trunk secondary ports, 
see Layer 2—LAN Switching Command Reference. 
5.  Configure Layer 3 communication between the specified secondary VLANs that are associated 
with the primary VLAN. 
Configuration restrictions and guidelines 
When you configure the private VLAN feature, follow these restrictions and guidelines: 
•  Make sure the following requirements are met: 
{  For a promiscuous port: 
−  The primary VLAN is the PVID of the port. 
−  The port is an untagged member of the primary VLAN and secondary VLANs. 
{  For a host port: 
−  The PVID of the port is a secondary VLAN. 
−  The port is an untagged member of the primary VLAN and the secondary VLAN. 
{  A trunk promiscuous or trunk secondary port must be a tagged member of the primary 
VLANs and the secondary VLANs. 
•  VLAN 1 (system default VLAN) does not support the private VLAN configuration. 
Configuration procedure 
To configure the private VLAN feature: 
 
Step Command Remarks 
1.  Enter system view.  
system-view 
N/A 
2.  Create a VLAN and enter 
VLAN view.  
vlan
 vlan-id N/A 
3.  Configure the VLAN as a 
primary VLAN.  
private-vlan primary 
By default, a VLAN is not a 
primary VLAN.  
4.  Return to system view.  
quit 
N/A