What is Private VLAN (PVLAN)
To understand the notion of a “Private VLAN”, we first need to know how a VLAN works: all the devices in a VLAN can hear a broadcast sent by any device in the same segment. A VLAN is therefore a single broadcast domain.
Private VLANs, however, split this single broadcast domain further into multiple isolated broadcast subdomains. VLANs usually correspond to a single IP subnet. When we split a VLAN using PVLANs, hosts in different PVLANs still belong to the same IP subnet, but they need to use another L3 device (Router or Layer 3 Switch) to talk to each other.
Approach used by Private VLAN
Private VLAN divides a VLAN into sub-VLANs. It uses the following approach to segregate a single VLAN into multiple smaller broadcast subdomains –
(a) Primary VLAN – This type of VLAN is used to forward frames downstream to all Secondary VLANs.
(b) Secondary VLAN – A Secondary VLAN can be either of two types – (b.1) Isolated (b.2) Community
(b.1) Isolated – A port that is part of an Isolated VLAN can reach the primary VLAN, but not any other Secondary VLAN (Isolated or Community), i.e. hosts associated with the same Isolated VLAN cannot even reach each other. There can be multiple Isolated VLANs in one Private VLAN domain (which may be useful if the VLANs need to use distinct paths for security reasons).
(b.2) Community – Switch ports that are part of a Community VLAN can communicate with each other in the same community and with the primary VLAN, but not with any other secondary VLAN. There can be multiple distinct Community VLANs within one Private VLAN domain.
Types of Ports in PVLAN
There are two types of ports in a Private VLAN – (a) Promiscuous port (b) Host port. Host ports are further divided into two types – (b.1) Isolated port and (b.2) Community port.
(b) Host Ports –
(b.1) Isolated Port – This port is part of an Isolated VLAN. It communicates only with Promiscuous ports.
(b.2) Community Port – This port is part of a Community VLAN. It communicates with Promiscuous ports and with ports on the same Community VLAN.
The diagram below gives more detail on which communication is allowed and which is disallowed in a Private VLAN environment across ports in Promiscuous, Community and Isolated VLANs.
Private VLAN – Configuration Scenario
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.” I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed an interest in networking by being in the company of a passionate Network Professional, my husband. I am a strong believer in the fact that “learning is a constant process of discovering yourself.”
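The port rules described above can be checked against a planned port assignment. The following is an added example, not code from the original article: it models direct Layer 2 reachability between Promiscuous, Isolated and Community ports and reports policy pairs that the assignment fails to separate. Port names, VLAN IDs and the policy list are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    kind: str                              # "promiscuous", "isolated" or "community"
    secondary_vlan: Optional[int] = None   # secondary VLAN ID (host ports only)

def l2_allowed(a: Port, b: Port) -> bool:
    """True if two ports of one PVLAN domain may exchange frames directly."""
    if "promiscuous" in (a.kind, b.kind):
        return True        # host ports of either type reach promiscuous ports
    if "isolated" in (a.kind, b.kind):
        return False       # isolated ports reach promiscuous ports only
    return a.secondary_vlan == b.secondary_vlan   # same community VLAN only

def reachable_pairs(ports):
    """All unordered port-name pairs with direct Layer 2 reachability."""
    return {frozenset((a.name, b.name))
            for a, b in combinations(ports, 2) if l2_allowed(a, b)}

def isolation_violations(ports, must_not_talk):
    """Pairs the policy wants separated that the port assignment still allows."""
    by_name = {p.name: p for p in ports}
    return [(x, y) for x, y in must_not_talk
            if l2_allowed(by_name[x], by_name[y])]

# Constructed sample: one PVLAN domain; names and VLAN IDs are made up.
PORTS = [
    Port("gw", "promiscuous"),
    Port("web1", "community", 101),
    Port("web2", "community", 101),
    Port("db1", "community", 102),
    Port("guest1", "isolated", 201),
    Port("guest2", "isolated", 201),
]
# Constructed policy: pairs the design is supposed to keep apart at Layer 2.
POLICY = [("web1", "db1"), ("guest1", "guest2"), ("web1", "web2")]

if __name__ == "__main__":
    for pair in sorted(tuple(sorted(p)) for p in reachable_pairs(PORTS)):
        print("allowed:", pair)
    print("violations:", isolation_violations(PORTS, POLICY))
```

The model covers direct Layer 2 forwarding only; traffic that hosts send through the L3 device behind the promiscuous port is outside its scope and has to be filtered on that device.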
ABOUT THE AUTHOR
– Rashmi Bhardwaj (Author/Editor)