HP Comware 5 - Community Private VLANs

muhfugen

Active Member
Dec 5, 2016
131
38
28
I was wondering how do you implement community private VLANs on a switch (HPE FlexFabric A5800) running Comware 5?

The current configuration looks like:

Code:
HP A5800 g1/0/1 <-> g1/0/25 Cisco Catalyst 3750E <-> VMware vSphere Virtual Distributed Switch
Cisco config:

Code:
vlan 50
name Internet_Promiscuous
private-vlan primary
private-vlan association 51-52
!
vlan 51
name Internet_Isolated
private-vlan isolated
!
vlan 52
name Internet_Exchange
private-vlan community
!
interface GigabitEthernet1/0/25
description HP_A5800_Uplink
switchport trunk encapsulation dot1q
switchport mode trunk
Comware config:

Code:
vlan 50
description Internet_Promiscuous
isolate-user-vlan enable
#
vlan 51
description Internet_Isolated
#
vlan 52
description Internet_Exchange
#
interface GigabitEthernet1/0/1
description Catalyst_3750E_Uplink
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet1/0/2
description Internet_Promiscuous
port link-mode bridge
port isolate-user-vlan 50 promiscuous
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 50 to 52 untagged
port hybrid pvid vlan 50
#
isolate-user-vlan 50 secondary 51 to 52
Comware: display isolate-user-vlan

Code:
Isolate-user-VLAN VLAN ID : 50
Secondary VLAN ID : 51-52
VLAN ID: 50
VLAN Type: static
Isolate-user-VLAN type: isolate-user-VLAN
Route Interface: not configured
Description: Internet_Promiscuous
Name: VLAN 0050
Tagged  Ports:
GigabitEthernet1/0/1
Untagged Ports:
GigabitEthernet1/0/2
VLAN ID: 51
VLAN Type: static
Isolate-user-VLAN type: secondary
Route Interface: not configured
Description: Internet_Isolated
Name: VLAN 0051
Tagged  Ports:
GigabitEthernet1/0/1
Untagged Ports:
GigabitEthernet1/0/2
VLAN ID: 52
VLAN Type: static
Isolate-user-VLAN type: secondary
Route Interface: not configured
Description: Internet_Exchange
Name: VLAN 0052
Tagged  Ports:
GigabitEthernet1/0/1
Untagged Ports:
GigabitEthernet1/0/2
The 5800s are new and everything has been confirmed as working on the Cisco and vSphere side for a long time. When I hook my laptop to g1/0/2 on the HP, I can talk to VMs in VLANs 50 and 51 but not 52, I can also talk to VMs in other (non PVLAN) VLANs/subnets. So my questions would be, why arent community PVLANs working on the Comware side? Obviously i'm missing some sort of config, but I've tried googling and I can find references to promiscuous and isolated PVLANs in Comware but nothing about community PVLANs. Does Comware 5 just not support community PVLANs?