Hello,

I've been trying to educate myself specifically about VLAN configurations, but I'm still very new to switch configuration and VLANs in general, so thank you in advance for your patience.

For context, I'm essentially trying to configure several Community Private VLANs on a SG220-26 switch (or achieve a similar effect). I'd like to effectively establish a layer 2 "tunnel" between pairs of ports on the switch (the devices connected outside of these port pairs may be on the same subnet as other devices with which I do not want to allow communication). I also need to have a "promiscuous port" to which all traffic can flow regardless of their layer 2 "tunnels".

Unfortunately, from what I've been able to gather, the SG220-26 switch does not have the ability to setup community private VLANs. And I'm struggling to understand if the VLAN configuration I've described above is possible on this switch. I've tried setting up a pair of ports to be in access mode on a separate untagged PVID let's say ID 2, and then setting my "promiscuous" port to be in general mode with an untagged VLAN id of 2 and an untagged PVID of 1 (to enable communication with another pair of ports). I'm not able to get any communication from my test machine on the first promiscuous port to the pair of ports on the separate PVID.

I've tried several other configurations as well, but to no avail. I can't seem to get my "promiscuous" port to forward traffic to separate PVIDs. Do y'all have any thoughts on how to get this configuration on the SG220-26 switch? Is this possible?

Please let me know if I'm not clear enough.