Private VLANs (pVLANs) - www.ipcisco.com : www.ipcisco.com
Content Protection by DMCA.com

Private VLANs (pVLANs)

VLANs provide dividing the broadcast domains. With this divition, different departments, networks are isolated each other and become another broadcast domain. Sometimes, this separation is not enough and additional separation is needed. Private VLANs are used at these times.

Basically we can say that private VLANs are sub-VLANs or VLAN of VLANs. With private VLANs, in the same broadcast domain, network can be divided again. This time, the network is still one broadcast domain but divided.

Private VLAN Sub VLAN Types

In Private VLANs (pVLANs), there are two different sub VLAN types. These are, Primary VLAN and Secondary VLANs. Primary VLAN use a VLAN ID that is same for all the other sub VLANs. Secondary VLAN ID provides the separation of different sub VLANs.

Secondary VLANs has also two type VLANs. These are Community VLANs and Isolated VLANs.
Let’s pick up all VLAN types of a Private VLAN:

• Primary VLAN
• Community VLAN
• Isolated VLAN

private-vlan-topology

Primary VLAN is a normal VLAN as we discussed before. It is the upper VLAN now. You can use one Primary VLAN per Private VLAN and all the other port types are member of this Primary VLAN.

Community VLAN is a secondary VLAN that providea sub VLAN with the ports in the same community. You can use multiple community VLANs per Private VLAN.

Isolated VLAN is the VLAN that can communciate only with isolated ports and promiscious ports. It is isolated from other ports as its name. You can use one isolated VLAN per Private VLAN.

Private VLANs can be used on one switch or on multiple switches. This is up to the topology used. Above we saw the topology that includes one switch. Below, you can see the Private VLAN topology with multiple switch.

private-vlan-types

Private VLAN Port Types

During Private VLAN configuration, one of the other important point is ports. There will be some port modes here. These port modes are:

• Promiscuous Port
• Community Port
• Isolated Port

Private-vlan-ports

Promiscuous Port is the port that can communicate with all the interfaces in the Private VLANs. We can call this port “All in” port.

Community Port is the port that can communicate only with the ports in the same Community and Promiscuous Port.

Isolated Port is the port that can communicate with Promiscuous Port.

Other VLAN lessons :

VLAN – Part 1
VLAN – Part 2 (VLAN Assignments and VLAN Port Types)
VLAN – Part 3 (VLAN Frame Tagging Protocols, ISL and Dot1.q)
VLAN – Part 4 (How to Configure Cisco VLANs)
VLAN – Part 5 (Packet Tracer VLAN Configuration Example)
VLAN Configuration on Huawei Switches

Private VLANs
Private VLAN Cisco Configuration

What is Protected Port?




About the Author
Gokhan Kosem is a telecommunation and network engineer. His ambition to IP networks and end-to-end system installation made him to prepare this web-site. By sharing his experiences about various networking protocols beside different system installation experiences and Cisco, Juniper, Alcatel-Lucent devices configurations, he is aimed to be helpful for his collegues in all over the world. He is currently lives in Istanbul, Turkey.

Leave a Reply


Copy Protected by Chetan's WP-Copyprotect.