Hello Julien_dpr,

Please configure acording to to the following configuration guide p.163 onwards:

https://support.hpe.com/hpesc/public/docDisplay?docId=a00017775en_us&docLocale=en_US

Also please note the following requirements are met:

Make sure the following requirements are met:
􀁻 For a promiscuous port:
− The primary VLAN is the PVID of the port.
− The port is an untagged member of the primary VLAN and secondary VLANs.
􀁻 For a host port:
− The PVID of the port is a secondary VLAN.
− The port is an untagged member of the primary VLAN and the secondary VLAN.
􀁻 A trunk promiscuous or trunk secondary port must be a tagged member of the primary
VLANs and the secondary VLANs.
• VLAN 1 (system default VLAN) does not support the private VLAN configuration

Hope this helps!

Hello,

I followed the guide to try a configuration but the private vlan is not working across switches as you can see in this example :
https://ibb.co/1fyQ6Qn 

My goal here is to have laptops connected to my access's switches and they must be able to ping our gateway on the router ( 10.10.10.254 ) but they can't ping with each other. I'm using private vlan and not port-isolated because i will have multiple acces's switches connected to my distribution's switch.

So, to reach my goal i tried the following configuration (only showing vlan configuration on interfaces)  : 

--------------- DISTRIBUTION ---------------

vlan 10
 private-vlan primary 
 private-vlan secondary 100
vlan 100
 private-vlan isolated
int gi 1/0/1
 port access vlan 10
 port private-vlan 10 promiscuous
int gi 1/0/2
 port link-type hybrid 
 port hybrid vlan 10 100 tagged 
 port privat-vlan 100 trunk secondary

------------- ACCES ---------------------
vlan 10
 private-vlan primary
 private-vlan secondary 100
vlan 100 
 private-vlan isolated
int gi 1/0/1 
 port access vlan 100 
 port private-vlan host
int gi 1/0/2
 port access vlan 100
 port private-vlan host
int gi 1/0/3
 port link-type hybrid 
 port hybrid vlan 10 100 tagged

 And with this configuration my laptops can't communicate with each other but they can't ping the gateway neither, and i don't understand why.
Also, when i'm configuring the hosts on the distribution, they can communicate with the router but they can't with each other. So the problem seems to be during the tagged communication across switches to reach the gateway.
I tried antoher configuration on the acces's switch as well : 

------- ACCESS ------

vlan 100 
 name secondary vlan
int gi 1/0/1 
 port access vlan 100 
 
int gi 1/0/2
 port access vlan 100

int gi 1/0/3
 port link-type hybrid 
 port hybrid vlan 10 tagged

If you could help me, it would be much appreciate

Hello  Julien_dpr,

Please try under port int gi 1/0/3 on access switch to add:

port private-vlan 100 trunk secondary

Hope this helps

I tried to add trunk secondary on the uplink's interface of the acces's switch but it's changing nothing.

I still can't ping the gateway of my LAN.

Best Regards,

Hello Julien_dpr,

As it is possible that the order of operations could be different and you make a lot of changes and tests that some additional commands are added under the port configuration.

Please delete  the port configuration for the ports connecting the two switches and use the following port configuration for both ports for testing - on access 1/0/3 on distri 1/0/2, depending on your configuration :

-------------------------------------

port link-type trunk
port trunk permit vlan all

-------------------------------------

or

------------------------------------

port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 10 100 untagged
port hybrid pvid vlan 10

-------------------------------------

Please check the configuration of the port that there is no other configuration left as when you add private vlan command it is adding additional settings to the port. 

Hoper this helps!