CCIE Pursuit Blog

January 31, 2008

Internetwork Expert Blog: Private VLANs Demystified

The Internetwork Expert blog continues to post excellent information and tutorials.  The most recent post concerns private VLANs.  This was a topic that confused the hell out of me at first.  I read the configuration guide and was completely lost.  I eventually got my head around the concept (and have even used them at work).  I would have loved to have read this post 9 months ago.  🙂

Private VLAN concepts are quite simple, but Cisco’s implementation and configuration are a bit confusing – with all the “mappings” and “associations”. Here comes a short overview of how private VLANs work.

To begin with, let’s look at the concept of a VLAN as a broadcast domain. What Private VLANs (PVLANs) do is split the domain into multiple isolated broadcast subdomains. It’s a simple nesting principle – VLANs inside a VLAN. As we know, Ethernet VLANs are not allowed to communicate directly; they need an L3 device to forward packets between broadcast domains. The same concept applies to PVLANs – since the subdomains are isolated at level 2, they need to communicate using an upper level (L3 and packet forwarding) entity – such as a router. However, there is a difference here. Regular VLANs usually correspond to a single IP subnet. When we split a VLAN using PVLANs, hosts in different PVLANs still belong to the same IP subnet, but they need to use a router (another L3 device) to talk to each other (for example, by means of local Proxy ARP). In turn, the router may either permit or forbid communications between sub-VLANs using access-lists.

—Read the rest here—
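To make the "mappings" and "associations" in the excerpt concrete, here is a minimal Catalyst IOS sketch added as an illustration; it is not taken from this post or from the Internetwork Expert article. The VLAN IDs, interface names, addresses (documentation range 192.0.2.0/24) and the ACL name are constructed assumptions, and the isolated/community secondary types are Cisco's terms rather than terms used in the excerpt.

```cisco
! Constructed example: all IDs, names and addresses below are assumptions.
! Many Catalyst platforms require VTP transparent mode for private VLANs.
vtp mode transparent
!
! Secondary VLANs: the sub-domains nested inside the primary VLAN.
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
!
! "Association": binds the secondaries to the primary at layer 2.
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Host ports: each one joins the primary through exactly one secondary.
interface GigabitEthernet0/1
 description host 192.0.2.10 (isolated)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
interface GigabitEthernet0/2
 description host 192.0.2.20 (community)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! "Mapping": lets the L3 interface of the primary VLAN serve the secondaries.
! Both hosts share one subnet; local proxy ARP makes the router answer ARP
! for same-subnet peers, so inter-sub-VLAN traffic passes through the ACL.
interface Vlan100
 ip address 192.0.2.1 255.255.255.0
 private-vlan mapping 101,102
 ip local-proxy-arp
 ip access-group PVLAN-INTRA in
!
! Policy between sub-VLANs is enforced at L3, as the excerpt describes.
ip access-list extended PVLAN-INTRA
 deny   ip host 192.0.2.10 host 192.0.2.20
 permit ip any any
```

`show vlan private-vlan` and `show interfaces private-vlan mapping` confirm that the association and the mapping took effect.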



  1. That is awesome! I have always wondered how / what the point of these were … I want to get this up and going in my environment !

    Comment by bill — February 1, 2008 @ 8:16 am | Reply

  2. Very helpful. My story with PVLANs was the same, before this document. Thank you!

    Comment by m@ster — October 30, 2008 @ 6:40 am | Reply
