Configuration Notes of PVLAN

When configuring PVLAN on a device, pay attention to the following points:

One pair of PVLAN consists of only one primary VLAN and at least one secondary VLAN. One switch can configure multiple pairs of PVLAN.
One primary VLAN can be associated with multiple community VLANs and only one isolated VLAN.
A secondary VLAN (isolated or community) can be associated with one and only one primary VLAN, but not multiple primary VLANs.
PVLAN supports to be deployed in conjunction with MSTP or rapid PVST+. A pair of primary VLAN and secondary VLANs should be in the same MSTP instance when MSTP is deployed with PVLAN.
PVLAN supports to be deployed with DHCP snooping.
Both primary VLAN and secondary VLAN should be in the same MSTP instance when MSTP is deployed with PVLAN.
Layer 3 routing on private VLAN is not supported.
VLAN 1 is not allowed to be configured as a private VLAN.
If you want to change a private VLAN to a normal VLAN, you need to remove the configurations for PVLAN-related binding relationship before you can remove the PVLAN mode configuration. For example, if you use the set vlans vlan-id <vlan-id> private-vlan association <secondary-vlan-list> command for PVLAN association, remove the binding relationship first before you can change the private VLAN to a normal VLAN.

Similarly, it is also required to remove the private VLAN related configuration (e.g. static MAC address configurations on private VLAN) before changing the role of a private VLAN to another PVLAN type, e.g. when changing the PVLAN type from primary VLAN to secondary VLAN.

Before modifying or deleting PVLAN association configuration, you need to delete all the PVLAN settings of the involved Private VLANs.
For the secondary VLANs configured on the normal trunk port, the static MAC entries configured on these secondary VLANs are NOT duplicated to the primary VLAN.
However, for the primary VLAN configured on the normal trunk port, the static MAC entries configured on this primary VLAN are duplicated to the secondary VLANs.