Configuring VLANs Using Private VLANs
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 4-22
To configure an isolated port, use the pvlan members command to assign a port or link aggregate as a
tagged or untagged member of an Isolated Secondary VLAN. For example, the following commands
create Isolated VLAN 250 as a Secondary VLAN to Primary VLAN 200 and then assign port 1/2/2 and
link aggregate 10 to VLAN 250:
-> pvlan 200 secondary 250 type isolated
-> pvlan 250 members port 1/2/2 tagged
-> pvlan 250 members linkagg 10 untagged
To configure a community port, use the pvlan members command to assign a port or link aggregate as a
tagged or untagged member of a Community Secondary VLAN. For example, the following commands
create Community VLAN 251 as a Secondary VLAN to Primary VLAN 200 and then assign port 1/2/5
and link aggregate 15 to VLAN 251:
-> pvlan 200 secondary 251 type isolated
-> pvlan 251 members port 1/2/5 tagged
-> pvlan 251 members linkagg 15 untagged
To remove a port from a Secondary VLAN, use the no form of the pvlan members command. For
example, the following commands remove a port and link aggregate from Secondary VLAN 250 and 251:
-> no pvlan 250 members port 1/2/2
-> no pvlan 251 members linkagg 15
Assigning UNP Ports to Secondary VLANs
Universal Network Profile (UNP) ports can also be assigned to Secondary VLANs (isolated or community
ports). The UNP ports are designated as isolated or community ports during runtime based on the first
MAC address learned on the port.
• If the first MAC address is learned on a UNP port is classified into an Isolated VLAN, the port is
designated as an isolated port.
• If the first MAC address is learned on a UNP port is classified into a Community VLAN, the port is
designated as a community port.
• If the first MAC address learned on the a UNP port is classified into any standard VLAN (non-
PVLAN), then the UNP port cannot be designated as an isolated or community port.
Protocol Configuration Requirements for PVLAN
This section contains important information about configuring other protocols to interact with PVLANs.
For more information about each protocol, refer the related chapters in the OmniSwitch AOS Release 8
CLI Reference Guide and the OmniSwitch AOS Release 8 Network Configuration Guide.
Enabling DHCP Snooping for PVLANs
DHCP Snooping can be enabled only on the Primary VLAN of a PVLAN configuration. When enabled on
the Primary VLAN, the configuration will be applied to the Secondary VLANs associated with the
Primary VLAN.
If the DHCP Snooping server is on another chassis, then the ISL port configured for communication must
be configured as a trusted port.
To Next Page
Loading...
Need help?
General
