Switching Basics : Private VLANs

Today I am going to talk about “Private VLANs”. With Private VLANs you can isolate a specific port from the rest of the network so that it can communicate only with the uplink port it connects to.

We have two kinds of VLANs: Primary VLANs and Secondary VLANs. A Primary VLAN is the VLAN used to forward frames downstream to all Secondary VLANs, while Secondary VLANs are further divided into two types:

Isolated VLANs:
As the name suggests, an isolated VLAN is isolated from all ports except the ports in the Primary VLAN. In other words, a port in an isolated VLAN can talk only to the uplink port and is isolated from the other ports in the network.

Community VLANs:
As the name suggests, if two ports are in the same community they can talk to each other and to the uplink port as well, but they cannot talk to members of the other VLANs. They are also restricted from communicating with the isolated VLANs in the network.

Fig 1.1- Private VLANs

The most common question I can think of at this point:

If two different ports are in isolated VLANs, can they communicate with each other?
The answer is no. You can achieve this only with community VLANs; ports in isolated VLANs never communicate with each other, and that is the reason Private VLANs were designed. So you can design your network with isolated and community VLANs according to your requirements.

I hope this clears up your doubts so far.

Two other terms you will always hear in connection with Private VLANs are promiscuous port and host port. Let me explain these ports:
  • Promiscuous port: A port that can send frames in the switched network and communicate with all the ports in the network. There is no restriction on this port's communication.
  • Host port: Host ports are further divided into two types: isolated ports and community ports. I hope you now understand the concept of the host port.
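
The port rules above, written as a forwarding check that can be run against a planned design (an added example, not from the original post; the port names, VLAN IDs and the `violations` helper are constructed for illustration):

```python
from dataclasses import dataclass
from typing import Optional

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

@dataclass(frozen=True)
class Port:
    name: str
    kind: str                             # PROMISCUOUS, ISOLATED or COMMUNITY
    secondary_vlan: Optional[int] = None  # None for promiscuous (uplink) ports

def can_communicate(a: Port, b: Port) -> bool:
    """Forwarding decision between two ports that share one primary VLAN."""
    if a.name == b.name:
        return False
    # A promiscuous port has no restriction, in either direction.
    if PROMISCUOUS in (a.kind, b.kind):
        return True
    # Isolated ports never reach another host port, even in the same isolated VLAN.
    if ISOLATED in (a.kind, b.kind):
        return False
    # Both are community ports: allowed only inside the same community.
    return a.secondary_vlan == b.secondary_vlan

def reachability(ports):
    """Map each port name to the sorted list of ports it can talk to."""
    return {p.name: sorted(q.name for q in ports if can_communicate(p, q))
            for p in ports}

def violations(ports, required_blocked):
    """Pairs the design requires to be blocked but that can still communicate."""
    by_name = {p.name: p for p in ports}
    return [(x, y) for x, y in required_blocked
            if can_communicate(by_name[x], by_name[y])]

# Constructed sample design (names and VLAN IDs are made up).
PORTS = [
    Port("uplink", PROMISCUOUS),
    Port("web1", COMMUNITY, 201),
    Port("web2", COMMUNITY, 201),
    Port("db1", COMMUNITY, 202),
    Port("guest1", ISOLATED, 301),
    Port("guest2", ISOLATED, 301),
]

if __name__ == "__main__":
    for name, peers in reachability(PORTS).items():
        print(f"{name:7} -> {', '.join(peers)}")
    # web1/web2 share a community, so requiring them to be blocked is flagged.
    print(violations(PORTS, [("guest1", "guest2"), ("web1", "web2")]))
```

A pair reported by `violations` means the chosen port type does not give the isolation the design asked for, for example two hosts that must be separated but were placed in the same community VLAN.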

The following vendors support Private VLANs on their switches:
  • Arista Networks - Hardware based Switches
  • Brocade - Hardware based Switches
  • Cisco Systems - Hardware based Switches and Virtual Switches
  • Juniper Networks - Hardware based Switches
  • Fortinet - Hardware based Switches
  • Extreme Networks - Hardware based Switches
  • Microns - Hardware based Switches
  • Alcatel-Lucent - Hardware based Switches
  • Microsoft - Virtual Switches
  • Oracle - Virtual Switches
  • VMware - Virtual Switches
  • Marathon Networks - Virtual Switches