Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

What is private VLAN in switching?

user-image
Question added by Attique Ahmad , Network Engineer Assistant , I solution's
Date Posted: 2016/04/17

Private VLAN, also known as port isolation, is a technique in computer networking where a VLAN contains switch ports that are restricted such that they can only communicate with a given "uplink". The restricted ports are called "private ports". Each private VLAN typically contains many private ports, and a single uplink. The uplink will typically be a port (or link aggregation group) connected to a routerfirewallserverprovider network, or similar central resource.

The switch forwards all frames received from a private port to the uplink port, regardless of VLAN ID or destination MAC address. Frames received from an uplink port are forwarded in the normal way (i.e. to the port hosting the destination MAC address, or to all ports of the VLAN for broadcast frames or for unknown destination MAC addresses). As a result, direct peer-to-peer traffic between peers through the switch is blocked, and any such communication must go through the uplink. While private VLANs provide isolation between peers at the data link layer, communication at higher layers may still be possible depending on further network configuration.

Nadim Khan
by Nadim Khan , Sr. ITSM System | Security Engineer , Clever solutions

Private VLAN, also known as port isolation, is a technique in computer networking where a VLAN contains switch ports that are restricted such that they can only communicate with a given "uplink". The restricted ports are called "private ports". Each private VLAN typically contains many private ports, and a single uplink.

Yousef Wshah
by Yousef Wshah , Technical Team Lead - Service Provider Team , Estarta solutions

PVLANs provide layer 2 isolation between ports within the same broadcast domain

More Questions Like This