+ Reply to Thread
Results 1 to 2 of 2

Thread: Private VLAN

  1. Junior Member
    Join Date
    Dec 2016
    Posts
    6
    #1

    Default Private VLAN

    Primary VLAN 100. VLAN 101 and 102 are community VLAN that belong to VLAN 100.
    VLAN 200 is not associated with any other vlan.

    Can VLAN 200 access to VLAN 101 as long as there is inter vlan routing and no ACL that is blocking?
    Reply With Quote Quote  

  2. Senior Member
    Join Date
    Jan 2016
    Location
    King City, CA
    Posts
    380

    Certifications
    A+, Network+, Security+ce, Server+, Project+, MCSA Server 2008, CCENT, CCNA R&S, CEHv8, CHFIv8, CCNA Security
    #2
    For Private VLANs, the major purpose is to control communication internally without having to change the IP addressing for that specific VLAN. That being said, they are locally significant. Communication inside the Private VLAN is tightly controlled by the different types of ports (Isolated, Community, Promiscuous). All the VLANs that are part of the Private VLAN are going to communicate through a Promiscuous Port on the gateway device so they can reach the rest of the network.

    So to answer your question, yes, you have that exactly right. Private VLANs are complicated to understand at first, but if you watch a video where you can see the implementation graphically, it makes a lot more sense. Keith Barker does a great job of this by comparing Private VLANs to "islands" with different groups of visitors. It was really awesome to see it explained that way.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks