Sunday, February 20, 2011

Concepts of Private VLANs

Private VLANs are best suited to service provider networks, where the provider can isolate customers within a VLAN rather than assigning a new VLAN to every customer. Keep in mind two of the major issues faced by service providers:
  • If every client was assigned a new VLAN, they would only be able to support 4096 clients :) Not a smart business move.
  • Then our already depleted IPv4 space would be further wasted just to pass traffic between clients.
The concept of a private VLAN is very basic: take a VLAN and subdivide it into many VLANs. Each private VLAN consists of ONE primary VLAN and many secondary VLANs. There are two types of secondary VLANs: isolated or community. You can assign many community VLANs to a primary VLAN, but only ONE isolated VLAN can be assigned to each primary VLAN.

Private VLAN Ports

Private VLAN ports can be divided into three types:

Promiscuous Port

  • A promiscuous port belongs to the primary VLAN.
  • A promiscuous port can communicate with all ports that belong to a secondary VLAN (isolated or community), as long as they are associated with the same primary VLAN.

Isolated Port

  • An isolated port is a host port that belongs to an isolated secondary VLAN.
  • The host ports that belong to an isolated VLAN can NOT communicate with other ports in the isolated VLAN.
  • Isolated ports can ONLY communicate with the promiscuous ports.

Community Port

  • Community ports belong to a community secondary VLAN.
  • Community ports can communicate with ports in the same community VLAN along with the promiscuous ports.
  • Community ports can NOT communicate with ports in other community VLANs.
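
The port rules above can be checked against a planned port layout before it is deployed. The following Python model is an added example, not part of the original post; the port names and VLAN IDs (100 to 103) are constructed, and promiscuous-to-promiscuous traffic is assumed to be allowed, which the post does not state.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    role: str            # "promiscuous", "isolated" or "community"
    primary: int         # primary VLAN the port is associated with
    secondary: int = 0   # isolated/community VLAN ID; unused for promiscuous

def validate(ports):
    """Enforce the rule that a primary VLAN has only ONE isolated VLAN."""
    isolated = {}
    for p in ports:
        if p.role == "isolated":
            isolated.setdefault(p.primary, set()).add(p.secondary)
    bad = {prim: sorted(v) for prim, v in isolated.items() if len(v) > 1}
    if bad:
        raise ValueError(f"more than one isolated VLAN per primary: {bad}")

def can_communicate(a, b):
    """Apply the port rules from the section above to two distinct ports."""
    if a.primary != b.primary:
        return False                       # different private VLAN domains
    roles = {a.role, b.role}
    if "promiscuous" in roles:
        return True                        # promiscuous reaches every secondary port
    if roles == {"community"}:
        return a.secondary == b.secondary  # same community VLAN only
    return False                           # isolated<->isolated, isolated<->community

def reachability(ports):
    """Return {(src, dst): allowed} for every ordered pair of distinct ports."""
    validate(ports)
    return {(a.name, b.name): can_communicate(a, b)
            for a in ports for b in ports if a is not b}

# Constructed sample layout: one gateway, two isolated customers, two communities.
PORTS = [
    Port("gw", "promiscuous", 100),
    Port("custA", "isolated", 100, 101),
    Port("custB", "isolated", 100, 101),
    Port("web1", "community", 100, 102),
    Port("web2", "community", 100, 102),
    Port("db1", "community", 100, 103),
]

if __name__ == "__main__":
    for (src, dst), ok in sorted(reachability(PORTS).items()):
        print(f"{src:6} -> {dst:6} {'allow' if ok else 'deny'}")
```

Comparing this matrix with the intended segmentation makes a misplaced port easy to spot, for example a customer port put in a community VLAN instead of the isolated one.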
