392 | Private VLANs (PVLAN)w w w . d e l l . c o m | s u p p o r t . d e l l . c o m Private VLAN ConceptsThe VLAN types in a PVLAN include:Community VLAN—a type of secondary VLAN in a primary VLAN:• Ports in a community VLAN can communicate with each other.• Ports in a community VLAN can communicate with all promiscuous ports in the primary VLAN.• A community VLAN can only contain ports configured as host.Isolated VLAN—a type of secondary VLAN in a primary VLAN:• Ports in an isolated VLAN cannot talk directly to each other.• Ports in an isolated VLAN can only communicate with promiscuous ports in the primary VLAN.• An isolated VLAN can only contain ports configured as host.Primary VLAN—the base VLAN of a private VLAN:• A switch can have one or more primary VLANs, or none.• A primary VLAN has one or more secondary VLANs.• A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs inthe switch.• A primary VLAN has one or more promiscuous ports.• A primary VLAN might have one or more trunk ports, or none.Secondary VLAN—a subdomain of the primary VLAN. There are two types of secondary VLAN—community VLAN and isolated VLAN.PVLAN port types:• Community port: a port that belongs to a community VLAN and is allowed to communicate withother ports in the same community VLAN and with promiscuous ports.• Host port: (in the context of a private VLAN) a port in a secondary VLAN:• You must first assign the port that role in INTERFACE mode.• A port assigned the host role cannot be added to a regular VLAN.• Isolated port: a port that, in Layer 2, can only communicate with promiscuous ports that are in thesame PVLAN.• Promiscuous port: a port that is allowed to communicate with any other port type in the PVLAN:• A promiscuous port can be part of more than one primary VLAN.• A promiscuous port cannot be added to a regular VLAN.• Trunk port: carries traffic between the switches:• A trunk port in a PVLAN is always tagged.• Primary or secondary VLAN traffic is carried by the trunk port in tagged mode. The tag on thepacket helps identify the VLAN to which the packet belongs.• A trunk port can also belong to a regular VLAN (non-private VLAN).