Private VLANs




Understanding Private VLANs
We can separate layer-2 traffic with VLANs, but sometimes that’s not enough. Sometimes we need more segmentation, and that’s where Private VLANs come in.

Private VLANs are VLANs within VLANs. One VLAN is the primary VLAN (which is where shared devices go) and the rest are secondary VLANs.

Devices in secondary VLANs cannot talk to devices in other secondary VLANs. Yet, the entire system still retains a single logical subnet, and can have a shared (AKA ‘promiscuous’) gateway.

Secondary VLANs may be ‘community’ or ‘isolated’. Devices in a community VLAN can talk to each other, but not to other secondary VLANs. Devices in isolated VLANs cannot talk to anything except for promiscuous devices.
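The rules above, worked through as an added example (not from the video or its lab files): a small Python check that reads a constructed Cisco IOS-style PVLAN config and answers whether two ports can talk at layer 2. The VLAN IDs, port names and the `parse` / `can_talk` helpers are assumptions made for illustration.

```python
# Constructed sample config and hypothetical helpers (added example, not from the page).
CONFIG = """
vlan 100
 private-vlan primary
 private-vlan association 101,102
vlan 101
 private-vlan community
vlan 102
 private-vlan isolated
interface Gi0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
interface Gi0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface Gi0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
interface Gi0/4
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
interface Gi0/5
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
"""

def parse(config):
    """Map each port to (role, primary VLAN, set of secondary VLANs)."""
    vlan_type, ports, ctx = {}, {}, None
    for words in map(str.split, config.splitlines()):
        if words[:1] in (["vlan"], ["interface"]):
            ctx = words[1]  # remember which vlan/interface block we are in
        elif words[:1] == ["private-vlan"] and words[1] in ("community", "isolated"):
            vlan_type[ctx] = words[1]
        elif words[:3] == ["switchport", "private-vlan", "mapping"]:
            ports[ctx] = ("promiscuous", words[3], set(words[4].split(",")))
        elif words[:3] == ["switchport", "private-vlan", "host-association"]:
            ports[ctx] = (vlan_type[words[4]], words[3], {words[4]})
    return ports

def can_talk(a, b, ports):
    """Layer-2 reachability between two ports under the PVLAN rules above."""
    (ra, pa, sa), (rb, pb, sb) = ports[a], ports[b]
    if pa != pb:
        return False                       # different primary VLANs
    if "promiscuous" in (ra, rb):
        return ra == rb or bool(sa & sb)   # host's secondary must be mapped
    return ra == "community" and sa == sb  # isolated never reaches a host port
```

Running `can_talk` over every port pair of a real config is a quick way to confirm that isolated ports only ever reach the promiscuous gateway.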

How does trunking affect this? That depends on whether all of your switches are PVLAN-aware. If not, you may need to configure a ‘promiscuous private VLAN trunk’ or an ‘isolated private VLAN trunk’.

A big thank you to Patreon supporters! You can download the lab files here:
https://networkdirection.net/labsandquizzes/labs/

If you’re studying for the exam, consider The CCNP Switch Foundation guide (affiliate): https://click.linksynergy.com/link?id=RL4E*8CmbSY&offerid=145238.2204859&type=2&murl=http%3A%2F%2Fwww.ciscopress.com%2Ftitle%2F9781587206641

Overview of this video:

0:00 Introduction

0:43 Classic VLANs

1:18 The Need for Private VLANs

2:16 PVLAN Overview

3:15 Promiscuous Ports

4:20 Community VLANs

5:10 Isolated VLANs

5:47 Configuration

9:27 Trunking
