Private VLANs : Switching Technique

Before you learn Private VLANs
The private VLAN concept builds on the core switching concepts, so you first need to understand basic VLAN techniques. Once you understand basic switching topics such as VLAN, VTP and STP, go on and try to understand the private VLAN concept. First, a quick look at the basic concept of a VLAN.

VLAN: Virtual LAN
The concept of a VLAN is simple: it creates instances of separate local networks within a single physical network so that they cannot talk to each other. If we have a single network, we can create several VLANs such as VLAN 2, VLAN 3 and VLAN 4. Let's define those VLANs:

VLAN2: HR Department
VLAN3: Finance Department
VLAN4: Engineering Department

So we separate all these departments from each other so that they cannot talk to each other without the system admin's approval. Hopefully the basic VLAN concept is clear now. Let's talk about the Private VLAN: why and where private VLANs are used.

For this article on Private VLANs we expect the following audience:

Let's start with the introduction to Private VLANs, which begins with the concept of the primary VLAN and the host port types. Make sure you configure the switch according to the Private VLAN concept described below.

A private VLAN controls Layer 2 traffic between the primary (promiscuous) port and the host ports.
  • In a private VLAN you create a primary VLAN and, within it, secondary isolated and community VLANs, so that hosts in them cannot communicate with each other.
  • The private VLAN feature extends the capabilities of a "standard" VLAN. Switch ports assigned to the primary VLAN are able to see traffic from all devices within the primary VLAN.
Why We Use a Private VLAN?
Consider an Internet Service Provider (ISP) that has a limited amount of subnet space and wants to make the most of it by assigning all of the customers in a geographic area to the same IP subnet. Of course, most customers do not want other people seeing their Layer 2 switched traffic, as that opens up potential security issues.

Individual customers who have only a single port connected to the service provider can be assigned to an isolated private VLAN; their traffic is then sent to and received only by the ISP devices connected directly to the primary VLAN.

The diagram below shows a basic network that illustrates the various port modes in Private VLANs. The IP addresses used are dummy values and are not related to any real or live network. The diagram shows the modes, such as isolated and community VLANs, which are described below.

Fig 1.1- Private VLANs
Isolated VLAN: forwards frames from isolated ports (I-ports) to promiscuous ports (P-ports) only. Since isolated ports never exchange frames with each other, a single isolated VLAN is enough to connect all I-ports to the P-port.
Community VLAN: transports frames between community ports (C-ports) that belong to the same group, and forwards frames upstream to the P-ports of the primary VLAN.

Promiscuous (P): usually connects to a router. A promiscuous port is allowed to send frames to and receive frames from any other port in the private VLAN.
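The port types above map onto a Cisco IOS switch configuration like the one below. This is an added example, not configuration from the original article; the VLAN numbers (100 primary, 101 isolated, 102 community) and the interface roles are assumptions.

```cisco
! Assumed topology: Gi0/1 is the uplink to the ISP router (P-port),
! Gi0/2 and Gi0/3 are two ports of customer A (one community),
! Gi0/4 is a single-port customer B (isolated).
vtp mode transparent
! VTP version 1/2 cannot carry private-VLAN definitions, so transparent mode is required
!
vlan 101
 private-vlan isolated
! one isolated VLAN serves every I-port, since I-ports never talk to each other
vlan 102
 private-vlan community
! community VLAN for customer A; its ports may talk to each other and to the P-port
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
interface GigabitEthernet0/1
 description P-port towards ISP router
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
interface GigabitEthernet0/2
 description customer A, community port
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
interface GigabitEthernet0/3
 description customer A, community port
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
interface GigabitEthernet0/4
 description customer B, isolated port
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Verification: the primary/secondary associations and each port's role
show vlan private-vlan
show interfaces GigabitEthernet0/4 switchport
```

After applying this, a host on Gi0/4 should reach the router on Gi0/1 but get no reply from Gi0/2 or Gi0/3, while Gi0/2 and Gi0/3 can still reach each other; if the isolated host can reach a community host, check that the host-association and the promiscuous mapping list the correct secondary VLANs.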

Difference between VLAN & Private VLAN:
  • Different VLANs must belong to different IP subnets.
  • PVLANs belong to the same IP subnet.
  • VLAN works in Layer 2 and Layer 3.
  • PVLAN is a method to segment devices at Layer 2.