/
Configuration Notes of PVLAN

Configuration Notes of PVLAN

Owned by Tracy Yang (Unlicensed)
Oct 14, 2021

When configuring PVLAN on a device, pay attention to the following points:

  • One pair of PVLAN consists of only one primary VLAN and at least one secondary VLAN. One switch can configure multiple pairs of PVLAN.
  • One primary VLAN can be associated with multiple community VLANs and only one isolated VLAN.
  • A secondary VLAN (isolated or community) can be associated with one and only one primary VLAN, but not multiple primary VLANs.
  • Each PVLAN port can only belong to one private VLAN (Primary VLAN, Isolated VLAN or Community VLAN), but not multiple PVLANs.
  • PVLAN Host Port can only be added into one Isolated VLAN or one Community VLAN.
  • PVLAN Promiscuous Port can only be added into one Primary VLAN.
  • PVLAN ports cannot be added into any normal VLANs.
  • Normal port cannot be added into private VLANs.
  • For PVLAN ports, make sure that their native VLAN is a Private VLAN, otherwise the ports won’t be able to forward packets normally.
  • PVLAN supports only MSTP feature, no other features are supported.
  • Both primary VLAN and secondary VLAN should be in the same MSTP instance when MSTP is deployed with PVLAN.
  • Do not enable DHCP relay or DHCP snooping on the switch enabled with PVLAN function.
  • PVLAN can be configured on a physical port but not on a LAG interface.
  • It is not supported to create the Layer 3 VLAN interface on a private VLAN.
  • The configuration of static MAC address is not supported on the private VLANs.
  • If you want to change a private VLAN to a normal VLAN, you need to remove the configurations for PVLAN-related binding relationship before you can remove the PVLAN mode configuration. For example, if you use the set vlans vlan-id <vlan-id> private-vlan association <secondary-vlan-list> command for PVLAN association, remove the binding relationship first before you can change the private VLAN to a normal VLAN.

   Similarly, it is also required to remove the private VLAN related configuration before changing the role of a private VLAN to another PVLAN type, e.g. when changing the PVLAN type from primary VLAN to secondary VLAN.

Copyright © 2025 Pica8 Inc. All Rights Reserved.