BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
BMD00113, September 2009 Chapter 4: VLANs 107
Private VLANs Configuration Guidelines
The following guidelines apply when configuring Private VLANs:
The management VLAN 4095 cannot be a Private VLAN. Management port 19 cannot be a
member of a Private VLAN.
The default VLAN 1 cannot be a Private VLAN.
Protocol-based VLANs cannot be used the same ports as Private VLANs. Protocol-based
VLANs must be disabled on ports that use Private VLANs.
IGMP Snooping must be disabled on isolated VLANs.
Each secondary port’s (isolated port and community ports) PVID must match its corresponding
secondary VLAN ID.
Private VLAN ports cannot be members of a trunk group. Link Aggregation Control Protocol
(LACP) must be turned off on ports within a Private VLAN.
Ports within a secondary VLAN cannot be members of other VLANs.
All VLANs that comprise the Private VLAN must belong to the same Spanning Tree Group.
Blade servers connected to downlink ports (secondary VLAN ports) must be configured to tag
packets with the primary VLAN number.
Private VLANs Configuration Example
Follow this procedure to configure a Private VLAN.
1. Select a VLAN and define the Private VLAN type as primary.
2. Configure a secondary VLAN and map it to the primary VLAN.
>> /cfg/l2/vlan 100 (Select VLAN 100)
>> VLAN 100# privlan/type primary (Define the Private VLAN type)
Current Private-VLAN type:
Pending Private-VLAN type: primary
>> privlan# ena
>> /cfg/l2/vlan 110 (Select VLAN 110)
>> VLAN 110# privlan/type isolated (Define the Private VLAN type)
Current Private-VLAN type:
Pending Private-VLAN type: isolated
>> privlan# map 100 (Map to the primary VLAN)
Vlan 110 is mapped to the primary vlan 100.
Vlan 110 port(s) will be added to vlan 100.
>> privlan# ena
>> privlan# apply (Apply the configuration)
>> privlan# save (Save your changes)