Private VLANs (pVLANs)

Private-vlan-ports

VLANs used to divide the Broadcast Domains. With this division, different departments, networks are isolated each other and become another Broadcast Domain. Sometimes, this separation is not enough and additional separation is needed. Private VLANs (pVLANs) are used at these times.

Basically we can say that Private VLANs are sub-VLANs or VLAN of VLANs. With Private VLANs, in the same Broadcast Domain, network can be divided again. This time, the network is still one Broadcast Domain but as divided.

Private VLAN Sub VLAN Types

In Private VLANs (pVLANs), there are two different sub VLAN types. These are, Primary VLAN and Secondary VLANs. Primary VLAN use a VLAN ID that is same for all the other sub VLANs. Secondary VLANs are also use VLAN ID. But Secondary VLANs’ VLAN ID provides the separation of different sub VLANs.

Secondary VLANs has also two sub type VLANs. These are Community VLANs and Isolated VLANs.

Let’s pick up all VLAN types of a Private VLANs :

• Primary VLAN
• Community VLAN 
• Isolated VLAN

private-vlan-topology

Primary VLAN is a normal VLAN as we discussed before. It is the upper VLAN now. You can use one Primary VLAN per Private VLAN and all the other port types are member of this Primary VLAN.

Private VLAN Lessons

Private VLANs
Private VLAN Cisco Configuration

What is Protected Port?

Other VLAN Lessons :

VLAN – Part 1
VLAN – Part 2 (VLAN Assignments and VLAN Port Types)
VLAN – Part 3 (VLAN Frame Tagging Protocols, ISL and Dot1.q)
VLAN – Part 4 (How to Configure Cisco VLANs)
VLAN – Part 5 (Packet Tracer VLAN Configuration Example)
VLAN Configuration on Huawei Switches

6 Responses to “Private VLANs (pVLANs)”


  • Wow great info! Are private VLANs a new topic on CCNA exams?

  • It was very informative.. Please explain the configuration part of private VLAM.

    Thank You

  • Jose Rodriguez / / Reply

    The diagrams appear to be a L3 topology, but the same applies as to a L2 environment as well.. However, keeping the Vlan assignments to the access switch layer via L3 will also isolate spanning-tree issues to the access switch in question…

    Also note that isolating a Vlan may require additional smarts, such as ACL’s and/or firewalls to keep it isolated…

  • Gokan, Great work much appreciated. Good explanation.

Leave a Reply

Your email address will not be published.