Virtual LANs (VLANs) are used to create separate broadcast domains within a Local Area Network (LAN). A Virtual LAN (VLAN) is a broadcast domain and is also a separate IP subnet. Virtual LANs limit broadcasts to specified devices.
Private VLANs (PVLANs) divide the broadcast domain into multiple broadcast sub-domains. The Private VLANs (PVLANs) feature allows further isolating different devices within the same VLAN. Private VLANs (PVLANs) provide layer 2 isolation between ports within the same broadcast domain.
Private VLANs (PVLANs) feature can be used to create Secondary VLANs inside a Primary VLAN. Primary VLANs are just normal VLANs. Secondary VLANs are also created as normal VLANs, but it is later associated with a Primary VLAN.
Secondary VLANs can be in any one of the following modes.
• Isolated VLAN: The network devices attached to the ports associated with an Isolated private VLAN cannot communicate with one another. They can communicate with a Promiscuous port within the same Private VLAN (PVLAN).
• Community VLAN: The network devices attached to the ports associated with Community VLAN can communicate with one another. They can also communicate with a Promiscuous port within the Private VLAN (PVLAN).
Following are the three types of Private VLAN (PVLAN) ports.
• Promiscuous Port: A promiscuous port can communicate with all interfaces inside the Private VLAN (PVLAN), including the isolated and community ports.
• Isolated Port: An Isolated port cannot communicate with other ports within the same PVLAN, except the promiscuous ports. PVLANs block all traffic to isolated ports except traffic from promiscuous ports.
• Community Port: Community ports can communicate among themselves and with the promiscuous ports. Community ports cannot communicate with interfaces in other communities or isolated ports.
Note: Only one secondary Isolated type VLAN can be associated to a Primary VLAN. Multiple secondary type Community VLANs can be associated to a Primary VLAN.
Click the following link to learn how to configure PVLANs (Private VLANs).