Private VLAN

From Wikipedia, the free encyclopedia

A private VLAN contains switch ports that cannot communicate with each other but can access another network. These ports are called private ports. Each private VLAN contains one or more private ports, and a single uplink port or uplink aggregation group.

A typical application is a hotel where each room has a port that can access the Internet. In this situation, it is undesirable to allow communication between rooms. Another application is to simplify IP address assignment: ports can be isolated from each other while belonging to the same subnet.

The network device forwards all traffic received on a private port out the associated VLAN’s uplink port, regardless of VLAN ID or MAC destination address. Packets received on an uplink port are forwarded in the normal way (i.e. as for non-private VLANs) for all types of packets. Note that all traffic between private ports is blocked at all layers, not just Layer 2 traffic.
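
The forwarding rule above, as an added example that is not part of the original article: a minimal Python model of one private VLAN showing which ports a frame leaves on. The class name, port names and MAC addresses are constructed for illustration, and MAC learning on every port is an assumption of the model.

```python
# Added illustration, not vendor code. Port names and MACs are constructed.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class PrivateVlanSwitch:
    def __init__(self, private_ports, uplink):
        self.private_ports = set(private_ports)
        self.uplink = uplink
        self.mac_table = {}  # source MAC -> port it was last seen on

    def forward(self, in_port, src_mac, dst_mac):
        """Return the sorted list of egress ports for one received frame."""
        if in_port != self.uplink and in_port not in self.private_ports:
            raise ValueError(f"port {in_port!r} is not in this private VLAN")
        self.mac_table[src_mac] = in_port  # assumption: learning on every port
        if in_port in self.private_ports:
            # Private port: out the uplink only, whatever the destination MAC.
            return [self.uplink]
        # Uplink: forward "in the normal way".
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            # Known unicast; a destination behind the uplink itself is filtered.
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast floods to all other ports.
        return sorted(self.private_ports)


def demo():
    sw = PrivateVlanSwitch(["room101", "room102"], "uplink")
    a, b = "02:00:00:00:01:01", "02:00:00:00:01:02"  # hosts in two rooms
    gw = "02:00:00:00:00:fe"                          # router behind the uplink
    return {
        "room_to_room": sw.forward("room101", a, b),
        "room_broadcast": sw.forward("room102", b, BROADCAST),
        "room_to_learned_room": sw.forward("room101", a, b),
        "gw_to_room": sw.forward("uplink", gw, a),
        "gw_broadcast": sw.forward("uplink", gw, BROADCAST),
        "gw_to_unknown": sw.forward("uplink", gw, "02:00:00:00:09:09"),
    }


if __name__ == "__main__":
    for case, ports in demo().items():
        print(f"{case:22} -> {ports}")
```

Frames from a room never reach another room's port directly, even once the destination MAC has been learned; only frames arriving on the uplink are delivered to private ports.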