Configure PVLAN Trunk and Promiscuous Trunk Port

OcNOS-SP : Layer 2 Guide : Layer 2 Configuration Guide : Private VLAN Configuration : Configure PVLAN Trunk and Promiscuous Trunk Port

SW1

SW1#configure terminal	Enter configuration mode
SW1(config)#bridge 1 protocol ieee vlan- bridge	Create bridge
SW1(config)#vlan database	Enter VLAN configuration mode
SW1(config-vlan)#vlan 10 bridge 1 state enable	Create VLAN 10
SW1(config-vlan)#vlan 20 bridge 1 state enable	Create VLAN 20
SW1(config-vlan)#vlan 100 bridge 1 state enable	Create VLAN 100
SW1(config-vlan)#private-vlan 10 isolated bridge 1	Configure VLAN 10 as isolated VLAN
SW1(config-vlan)#private-vlan 20 community bridge 1	Configure VLAN 20 as community VLAN
SW1(config-vlan)#private-vlan 100 primary bridge 1	Configure VLAN 100 as primary VLAN
SW1(config-vlan)#private-vlan 100 association add 10 bridge 1	Associate secondary isolated VLAN 10 with primary VLAN 100
SW1(config-vlan)#private-vlan 100association add 20 bridge 1	Associate secondary community VLAN 20 with primary VLAN 100
SW1(config-vlan)#exit	Exit VLAN configuration mode
SW1(config)#interface xe1	Enter interface configuration mode for xe1
SW1(config-if)#switchport	Configure switchport
SW1(config-if)#bridge-group 1	Associate interface with bridge-group 1
SW1(config-if)#switchport mode trunk	Set the switching characteristics of this interface as trunk
SW1(config-if)#switchport trunk allowed vlan add 10,20,100	Configure VLAN 10,20,100 (primary, secondary VLANs)
SW1(config-if)#exit	Exit interface mode
SW1(config)#interface xe3	Enter interface configuration mode for xe3
SW1(config-if)#switchport	Configure switchport
SW1(config-if)#bridge-group 1	Associate interface with bridge-group 1
SW1(config-if)#switchport mode trunk	Set the switching characteristics of this interface as trunk
SW1(config-if)#switchport mode private-vlan promiscuous	Configure the interface as promiscuous port for private-vlan
SW1(config-if)#switchport trunk allowed vlan add 100	Configure VLAN 100 (primary VLAN)
SW1(config-if)#switchport private-vlan mapping 100 add 10	Associate port with primary and secondary VLAN of private- vlan
SW1(config-if)#switchport private-vlan mapping 100 add 20	Associate port with primary and secondary VLAN of private- vlan
SW1(config-if)#exit	Exit interface mode
SW1(config)#interface xe4	Enter interface configuration mode for xe4
SW1(config-if)#switchport	Configure switchport
SW1(config-if)#bridge-group 1	Associate interface with bridge-group 1
SW1(config-if)#switchport mode access	Set the switching characteristics of this interface as access
SW1(config-if)#switchport mode private-vlan host	Configure the interface as host port for private-vlan
SW1(config-if)#switchport access vlan 20	Configure VLAN 20 (community VLAN)
SW1(config-if)#switchport private-vlan host- association 100 add 20	Associate port with primary and secondary VLAN of private- vlan
SW1(config-if)#exit	Exit interface mode
SW1(config)#interface xe2	Enter interface configuration mode for xe2
SW1(config-if)#switchport	Configure switchport
SW1(config-if)#bridge-group 1	Associate interface with bridge-group 1
SW1(config-if)#switchport mode access	Set the switching characteristics of this interface as access
SW1(config-if)#switchport mode private-vlan host	Configure the interface as host port for private-vlan
SW1(config-if)#switchport access vlan 10	Configure VLAN 10 (isolated VLAN)
SW1(config-if)#switchport private-vlan host- association 100 add 10	Associate port with primary and secondary VLAN of private- vlan
SW1(config-if)#exit	Exit interface mode
SW1(config)#commit	Commit the configure on the node.
SW1(config)#exit	Exit configuration mode

SW2

SW2#configure terminal	Enter configuration mode
SW2(config)#bridge 1 protocol ieee vlan- bridge	Create bridge
SW2(config)#vlan database	Enter VLAN configuration mode
SW2(config-vlan)#vlan 10 bridge 1 state enable	Create VLAN 10
SW2(config-vlan)#vlan 20 bridge 1 state enable	Create VLAN 20
SW2(config-vlan)#vlan 100 bridge 1 state enable	Create VLAN 100
SW2(config-vlan)#private-vlan 10 isolated bridge 1	Configure VLAN 10 as isolated VLAN
SW2(config-vlan)#private-vlan 20 community bridge 1	Configure VLAN 20 as community VLAN
SW2(config-vlan)#private-vlan 100 primary bridge 1	Configure VLAN 100 as primary VLAN
SW1(config-vlan)#private-vlan 100 association add 10 bridge 1	Associate secondary isolated VLAN 10 with primary VLAN 100
SW1(config-vlan)#private-vlan 100 association add 20 bridge 1	Associate secondary community VLAN 20 with primary VLAN 100
SW2(config-vlan)#exit	Exit VLAN configuration mode
SW2(config)#interface xe1	Enter interface configuration mode for xe1
SW2(config-if)#switchport	Configure switchport
SW2(config-if)#bridge-group 1	Associate interface with bridge-group 1
SW2(config-if)#switchport mode trunk	Set the switching characteristics of this interface as trunk
SW2(config-if)#switchport trunk allowed vlan add 10,20,100	Configure VLAN 10,20,100 (primary, secondary VLANs)
SW2(config-if)#exit	Exit interface mode
SW2(config)#interface xe2	Enter interface configuration mode for xe2
SW2(config-if)#switchport	Configure switchport
SW2(config-if)#bridge-group 1	Associate interface with bridge-group 1
SW2(config-if)#switchport mode access	Set the switching characteristics of this interface as access
SW2(config-if)#switchport mode private-vlan host	Configure the interface as host port for private-vlan
SW2(config-if)#switchport access vlan 10	Configure VLAN 10 (isolated VLAN)
SW2(config-if)#switchport private-vlan host- association 100 add 10	Associate port with primary and secondary VLAN of private- vlan
SW2(config-if)#exit	Exit interface mode
SW2(config)#interface xe3	Enter interface configuration mode for xe3
SW2(config-if)#switchport	Configure switchport
SW2(config-if)#bridge-group 1	Associate interface with bridge-group 1
SW2(config-if)#switchport mode access	Set the switching characteristics of this interface as access
SW2(config-if)#switchport mode private-vlan host	Configure the interface as host port for private-vlan
SW2(config-if)#switchport access vlan 20	Configure VLAN 20 (community VLAN)
SW2(config-if)#switchport private-vlan host- association 100 add 20	Associate port with primary and secondary VLAN of private- vlan
SW2(config-if)#exit	Exit interface mode
SW2(config)#commit	Commit the configure on the node.
SW2(config)#exit	Exit configuration mode

Validation

SW1#show vlan private-vlan bridge 1

PRIMARY SECONDARY TYPE INTERFACES

------- --------- ---------- ----------

100 10 isolated xe1,xe2,

100 20 community xe1,xe4,

SW1#

SW2#show vlan private-vlan bridge 1

PRIMARY SECONDARY TYPE INTERFACES

------- --------- ---------- ----------

100 10 isolated xe1,xe2,

100 20 community xe1,xe3,

SW2#

Last modified date: 10/12/2023