When you use the port isolate-user-vlan vlan-id promiscuous command on a port that is operating in promiscuous mode, the device automatically executes the undo port isolate-user-vlan command to cancel the promiscuous mode of the port first.
------------------------------
Janet Hancock
------------------------------
Original Message:
Sent: Feb 14, 2022 09:19 AM
From: Robert Sander
Subject: isolate-user-vlan and tagged VLANs on promiscuous port
Hi,
we have configured a HP A5500-48G-4SFP HI switch running software version 5.20.99 to handle private VLANs (called isolate-user-vlan in the manual).
vlan 208
description pvlan-test-208
name pvlan-test-208
isolate-user-vlan enable
vlan 3998
description iso-208-test
isolated-vlan enable
interface Bridge-Aggregation1
description gate-1
port isolate-user-vlan 208 promiscuous
port link-type hybrid
port hybrid vlan 1 to 4094 tagged
link-aggregation mode dynamic
isolate-user-vlan 208 secondary 3998
The device at that bridge aggregation is a Linux box with a bonding interface and VLAN interfaces on top of the bonding interface.
Pakets coming from a maschine within the isolated secondary PVLAN 3998 are still arriving tagged with that VLAN id.
We have another switch (FlexFabric) where is construct works.
Is this switch not able to have a promiscuous isolate-user-vlan port on a tagged interface?
MyIndigoCard
------------------------------
Robert Sander
------------------------------