If you are working hard towards the Cisco CCNP Switch 642-813 certification exam, private VLANs will come into the picture; yes, they are part of the CCNP Switch 642-813 curriculum. Cisco designed Private VLANs (PVLANs) as a Layer 2 security feature. Under normal conditions, traffic within a VLAN is allowed to move unconditionally between every host in that VLAN. What if you want to restrict the movement of traffic within a VLAN? That is where Private VLANs (PVLANs) come into the picture.
Private VLANs (PVLANs) are really just sub-VLANs inside a VLAN; they allow you to split a VLAN domain into multiple isolated subdomains. For inter-VLAN routing we need a Layer 3 device to forward packets, and the same applies to Private VLANs (PVLANs): traffic between the isolated subdomains needs a Layer 3 device such as a Cisco router or a Cisco multilayer switch.
To make this more concrete, consider a network environment in which a service provider needs to connect servers belonging to different customers to the Internet. These servers must all be able to reach their first-hop router, but for security reasons, servers belonging to one customer must not be able to communicate with servers belonging to another. An obvious design solution for these requirements is to place each customer's servers in a separate VLAN, which also requires the assignment of a separate IP subnet per customer (even if they have only one server).
Creating separate VLANs wastes not only VLAN IDs but IP addresses as well. To overcome this, Private VLANs (PVLANs) were introduced as a more elegant alternative, allowing multiple devices to reside in the same IP subnet yet remain isolated from one another at Layer 2.
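As an added example (not part of the original post), here is how the service-provider scenario above would be expressed in Cisco IOS on a Catalyst switch. Customer A has a single server, Customer B has two servers that need to talk to each other, and all servers share one IP subnet and one first-hop router. The VLAN IDs (100, 101, 102) and interface names are assumptions chosen for the illustration; the keywords primary, isolated, community and promiscuous are the Cisco PVLAN terminology that the post's next part introduces.

```cisco
! Added example configuration, not from the original post.
! VLAN IDs and interface names are assumed for illustration.
!
! Older Catalyst platforms (3560/3750 era) require VTP transparent mode
! before private VLANs can be configured.
vtp mode transparent
!
! One primary VLAN carries the shared IP subnet for every customer.
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Isolated secondary VLAN: hosts here can reach only the promiscuous
! (router) port, never each other. Good for single-server customers.
vlan 101
 private-vlan isolated
!
! Community secondary VLAN: hosts here reach each other and the
! promiscuous port, but not hosts in other communities or the isolated VLAN.
vlan 102
 private-vlan community
!
! Customer A server: isolated host port.
interface GigabitEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Customer B servers: same community, so they can see each other.
interface GigabitEthernet0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
interface GigabitEthernet0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! Uplink to the first-hop router: promiscuous port mapped to every
! secondary VLAN, so all customers reach the gateway.
interface GigabitEthernet0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
```

Useful verification commands on the switch are `show vlan private-vlan` (primary-to-secondary associations) and `show interfaces switchport` (per-port PVLAN role). Note that the Layer 2 isolation only holds inside the switch: the router on the promiscuous port still sees one subnet, so if two customers' servers should not even reach each other via the gateway, that has to be enforced there as well (for example with a local-proxy-ARP policy or ACLs on the gateway interface).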
In an upcoming post we will see what terminology is used with Private VLANs (PVLANs) and how the different types are distinguished.