SOLVED
Hello
The option "forbid" is only useful if GVRP is enabled on the switch. Some info about GVRP from the manual:
GVRP (GARP VLAN Registration Protocol) is an application of GARP (Generic Attribute Registration Protocol.)It enables a switch to dynamically create 802.1Q-compliant VLANs on links with other devices running GVRP and automatically create VLAN links between GVRP-aware devices. (A GVRP link can include intermediatedevices that are not GVRP-aware.) This operation reduces the chance for errors in VLAN configurations by automatically providing VID (VLAN ID) consistency across the network.
You can find more about GVRP here. The forbid option is also explained here.
https://support.hpe.com/hpesc/public/docDisplay?docId=a00091278en_us
So when GVRP is enabled the switch-port can create dynamically a VLAN membership on the port (or learn dynamically the VLAN on this port) if this VLAN is advertised by a GVRP aware switch connected to this port. The forbit option is used to restrict the GVRP VLAN learning. So the port cannot be member of this VLAN even if GVRP is enabled and the GVRP peer switch advertises this VLAN.
GVRP is disabled by default, you can check the status with show gvrp. If GVRP is disabled, then you dont need to make any port forbidden on any VLAN. Just make port 2 untagged member of VLAN 50 and leave the rest untagged in VLAN 1.
Just want to add a small clarification about the following statement: you said, a port cannot be a member of a VLAN if it is not specifically marked as untagged on that VLAN. This is not entirely true. If a port is tagged on that VLAN it is also a member. You are using the untagged option when you connect end devices or other switches which support only a single VLAN. You used the tagged option when you need to make a port member of more than 1 VLAN. The typicall use case is when port connects to another switch and you want to transport all the VLANs supported on this switches via the same port. When you used the tagged option it is important to make sure that VLAN tagging on both sides is matching. A port can have only one untagged membership and multiple tagged memberships. It must have at least one VLAN membership either tagged or untagged.
