Private VLANs (pVLANs) - :
You can Reach Our "CCNA Lab Courses with Packet Tracer" on Udemy.!!!
cisco-packet-tracer-ccna-adventure-1- cisco-packet-tracer-ccna-adventure-2-
Content Protection by

Private VLANs (pVLANs)

VLANs used to divide the Broadcast Domains. With this division, different departments, networks are isolated each other and become another Broadcast Domain. Sometimes, this separation is not enough and additional separation is needed. Private VLANs (pVLANs) are used at these times.

Basically we can say that Private VLANs are sub-VLANs or VLAN of VLANs. With Private VLANs, in the same Broadcast Domain, network can be divided again. This time, the network is still one Broadcast Domain but as divided.

Private VLAN Sub VLAN Types

In Private VLANs (pVLANs), there are two different sub VLAN types. These are, Primary VLAN and Secondary VLANs. Primary VLAN use a VLAN ID that is same for all the other sub VLANs. Secondary VLANs are also use VLAN ID. But Secondary VLANs’ VLAN ID provides the separation of different sub VLANs.

Secondary VLANs has also two sub type VLANs. These are Community VLANs and Isolated VLANs.

Let’s pick up all VLAN types of a Private VLANs :

• Primary VLAN
• Community VLAN
• Isolated VLAN


Primary VLAN is a normal VLAN as we discussed before. It is the upper VLAN now. You can use one Primary VLAN per Private VLAN and all the other port types are member of this Primary VLAN.

Community VLAN is a secondary VLAN that providea sub VLAN with the ports in the same community. You can use multiple community VLANs per Private VLAN.

Isolated VLAN is the VLAN that can communciate only with isolated ports and promiscious ports. It is isolated from other ports as its name. You can use one isolated VLAN per Private VLAN.

Private VLANs can be used on one switch or on multiple switches. This is up to the topology used. Above we saw the topology that includes one switch. Below, you can see the Private VLAN topology with multiple switch.


Private VLAN Port Types

During Private VLAN configuration, one of the other important point is ports. There will be some port modes here. These port modes are:

Promiscuous Port
Community Port
Isolated Port


Promiscuous Port is the port that can communicate with all the interfaces in the Private VLANs. We can call this port “All in” port.

Community Port is the port that can communicate only with the ports in the same Community and Promiscuous Port.

Isolated Port is the port that can communicate with Promiscuous Port.

In this article, we have talked about Private VLANs. If you want to learn more about Private VLANs, you can check Private VLAN Cisco Configuration Example article also ;)

Private VLANs
Private VLAN Cisco Configuration

What is Protected Port?

Other VLAN lessons :

VLAN – Part 1
VLAN – Part 2 (VLAN Assignments and VLAN Port Types)
VLAN – Part 3 (VLAN Frame Tagging Protocols, ISL and Dot1.q)
VLAN – Part 4 (How to Configure Cisco VLANs)
VLAN – Part 5 (Packet Tracer VLAN Configuration Example)
VLAN Configuration on Huawei Switches

You can Reach Our "CCNA Lab Courses with Packet Tracer" on Udemy.!!!
cisco-packet-tracer-ccna-adventure-1- cisco-packet-tracer-ccna-adventure-2-

About the Author
Gokhan Kosem is a telecommunation and network engineer. His ambition to IP networks and end-to-end system installation made him to prepare this web-site. By sharing his experiences about various networking protocols beside different system installation experiences and Cisco, Juniper, Alcatel-Lucent devices configurations, he is aimed to be helpful for his collegues in all over the world. He is currently lives in Istanbul, Turkey.

3 comments for “Private VLANs (pVLANs)”


Wow great info! Are private VLANs a new topic on CCNA exams?

September 18th, 2017 at 05:31

It is for CCNP Daniel ;)

September 22nd, 2017 at 20:06

It was very informative.. Please explain the configuration part of private VLAM.

Thank You

September 19th, 2017 at 16:07

Leave a Reply

Copy Protected by Chetan's WP-Copyprotect.