Tag: private-vlan

CCNP R&S Switch: Private VLANs

by Samuel Mitchell, posted in Cisco, Routing & Switching, Security

This article describes the Private VLANs on a Cisco switch.

There are three (3) type of Private VLANs:

  1. Primary
  2. Isolated
  3. Community

There are two port types that are associated with Private VLANs:

  • Promiscuous
  • Host

You can configure a host port to be associated with either an Isolated or Community VLAN.

Individual ports in an Isolated VLAN cannot communicate with any other port except the port in the primary VLAN.

All Ports in a Community VLAN can communicated with other ports in the same VLAN and with the port in the Primary VLAN.

Promiscuous port can communicate with all ports in either an Isolated or Community VLAN that it is associated with.

Private VLANs can be replicated to other switches using VTPv3.

Secondary VLANs (Community and Isolated) can only be mapped to one Primary VLAN (Promiscuous).

Cisco reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/50sg/configuration/guide/Wrapper-46SG/pvlans.pdf