Private VLAN – PVLAN configuration needs to be started by defining any secondary VLANs that are needed for isolation. Secondary VLAN can be isolated or community VLAN.
Switch(config)# vlan 4 Switch(config-vlan)# private-vlan community Switch(config)# vlan 5 Switch(config-vlan)# private-vlan community Switch(config)# vlan 6 Switch(config-vlan)# private-vlan isolated
Isolating Traffic inside a VLAN Using Private VLANs
In the article VACL – VLAN Access Lists we mention one way how to provide security on switch device like Cisco Catalyst switch. In this article we will see the other way of providing security with use of private VLANs – PVLAN.
The whole idea is to make possible to group VLANs inside the VLANs. You see from the picture here on the right that this will give you the opportunity to make group od computers or servers inside main (primary) VLAN. It will be possible to have two servers in the VLAN 10 and both of them on the same subnet. Here it becomes little bit strange, then they can be separated into two Secondary VLANs, VLAN 4 and VLAN 5.
If you are interested in the PVLAN configuration: PVLAN configuration article