BigIron RX Series Configuration Guide, 53-1001986-01

Private VLANs

• There is currently no support for IGMP Snooping within private VLANs. To let clients in private VLANs receive multicast traffic, IGMP Snooping must be disabled, so that all multicast packets are treated as unregistered multicast packets and are flooded in software to all the ports.
• You can configure private VLANs and dual-mode VLAN ports on the same device. However, the dual-mode VLAN ports cannot be members of private VLANs.
• A primary VLAN can have multiple ports. All these ports are active, but the ports that will be used depend on the private VLAN mappings. Also, secondary VLANs (isolated and community VLANs) can be mapped to multiple primary VLAN ports. For example:

    pvlan mapping 901 ethernet 1/2
    pvlan mapping 901 ethernet 2/2
    pvlan mapping 901 ethernet 3/2

Configuring a private VLAN

To configure a private VLAN, configure each of the component VLANs (isolated, community, and public) as a separate port-based VLAN:

• Use standard VLAN configuration commands to create the VLAN and add ports.
• Identify the private VLAN type (isolated, community, or public).
• For the primary VLAN, map the other private VLANs to the ports in the primary VLAN.

Configuration rules

NOTE: Although a private VLAN resides within a port-based VLAN, the VLAN is considered to be exclusively a private VLAN, not a port-based VLAN.

• You cannot use the private VLAN feature and the dual-mode VLAN port feature on the same device.
• The Spanning Tree Protocol (STP) is independent of this feature, and can be enabled or disabled in the individual port-based VLANs. However, private VLANs are not supported with single-instance STP ("single span").
• You can configure only one private VLAN within a given port-based VLAN. Thus, you must configure a separate port-based VLAN for each private VLAN.
• Each private VLAN can have only one primary VLAN and cannot belong to LACP ports.
• Each private VLAN can have multiple isolated or community VLANs. You can use any combination of isolated or community VLANs with the primary VLAN. You do not need to use both isolated and community VLANs in the private VLAN.
• You can configure the primary VLAN before or after you configure the community or isolated VLANs. You are not required to configure a specific type of private VLAN before you can configure the other types.
• The ports in all three types of private VLANs can be untagged.
• The primary VLAN has only one active port. The primary VLAN can have more than one port, but only the lowest-numbered available port is active. The other ports provide redundancy.
• You cannot configure the default VLAN (VLAN 1) as a private VLAN.
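
The configuration steps and rules above can be checked mechanically before a change is applied. The following Python checker is an added example, not part of this guide: it parses a constructed configuration and reports violations of the rules listed above. Only the pvlan mapping syntax appears on this page; the vlan, untagged ethernet and pvlan type lines, single-port membership, and the function names parse and lint are assumptions.

```python
# Constructed sample. Only the "pvlan mapping" lines use syntax shown on this page;
# the "vlan", "untagged ethernet" and "pvlan type" lines are assumed syntax.
SAMPLE = """\
vlan 901
 untagged ethernet 3/5
 pvlan type community
vlan 902
 pvlan type isolated
vlan 7
 untagged ethernet 3/2
 pvlan type primary
 pvlan mapping 901 ethernet 3/2
 pvlan mapping 903 ethernet 2/2
"""

def parse(text):
    """Return {vlan_id: {"type": str or None, "ports": set, "maps": [(vlan, port)]}}."""
    vlans, cur = {}, {"ports": set(), "maps": []}  # throwaway entry for global-level lines
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) == 2 and tok[0] == "vlan":
            cur = vlans.setdefault(int(tok[1]), {"type": None, "ports": set(), "maps": []})
        elif len(tok) == 3 and tok[:2] == ["untagged", "ethernet"]:
            cur["ports"].add(tok[2])  # single ports only; ranges are not expanded
        elif len(tok) == 3 and tok[:2] == ["pvlan", "type"]:
            cur["type"] = tok[2]
        elif len(tok) == 5 and tok[:2] == ["pvlan", "mapping"]:
            cur["maps"].append((int(tok[2]), tok[4]))
    return vlans

def lint(vlans):
    """Check parsed VLANs against the configuration rules listed on this page."""
    errs, mapped_by = [], {}
    for vid, v in vlans.items():
        if vid == 1 and v["type"]:
            errs.append("VLAN 1: the default VLAN cannot be a private VLAN")
        if v["maps"] and v["type"] != "primary":
            errs.append(f"VLAN {vid}: pvlan mapping belongs in the primary VLAN")
        for sec, port in v["maps"]:
            mapped_by.setdefault(sec, set()).add(vid)
            if vlans.get(sec, {}).get("type") not in ("isolated", "community"):
                errs.append(f"VLAN {vid}: mapped VLAN {sec} is not isolated or community")
            if port not in v["ports"]:
                errs.append(f"VLAN {vid}: mapping port {port} is not in the primary VLAN")
    for vid, v in vlans.items():
        n = len(mapped_by.get(vid, ()))
        if v["type"] in ("isolated", "community") and n != 1:
            errs.append(f"VLAN {vid}: mapped from {n} primary VLANs, expected 1")
    return errs

print("\n".join(lint(parse(SAMPLE))))
```

The constructed sample deliberately maps an undefined VLAN to a port outside the primary VLAN and leaves the isolated VLAN unmapped, so the checker reports all three findings.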