Which PVLAN port type can only send frames to promiscuous ports?

  • private
  • promiscuous
  • isolated
  • community
  • public

There are three types of ports in a private VLAN (PVLAN): promiscuous, isolated, and community. A PVLAN isolated port type can only send frames to promiscuous ports.

Consider the following graphic:

300-420 Part 07 Q05 052

Host B is attached to a promiscuous mode port. In this mode, Host B can send and receive frames with other promiscuous, isolated, or community ports assigned to the same private VLAN. Therefore, frames can be exchanged with Hosts A or C. Hosts A and C are attached to isolated ports. Isolated ports are able to send frames to promiscuous ports but not to each other.

Isolated and promiscuous ports can be combined to achieve a desired level of separation between particular machines while still allowing required access to services. As another example, suppose that security policy dictated that Host A and Host C cannot communicate with one another, but both computers needed to access a database on Host B. The isolated ports keep them from communicating with one another, while the use of a promiscuous port to Host B allows them to access the database. Any other resource in the network that either machine needs to access should therefore also be connected to a promiscuous port.

The third type of port is a community port. A community port can communicate with other community ports of the same private VLAN or promiscuous ports.
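
The Host A / Host B / Host C scenario above could be configured as follows on a Catalyst-style IOS switch. This is an added example, not part of the original question: the VLAN IDs, interface names, and the community hosts D and E are assumptions chosen for illustration, and the community VLAN goes beyond the pictured scenario to show the third port type.

```cisco
! Constructed example: VLAN IDs (100-102) and interface names are assumptions.
! With VTP version 1 or 2, the switch must be in transparent mode
! before private VLANs can be configured.
vtp mode transparent
!
! Secondary VLANs: one isolated, one community
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
!
! Primary VLAN, associated with both secondary VLANs
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Host A: isolated port, can reach only promiscuous ports
interface GigabitEthernet1/0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Host C: isolated port, cannot exchange frames with Host A
interface GigabitEthernet1/0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Host B (database): promiscuous port, mapped to every secondary VLAN
! whose hosts must reach it
interface GigabitEthernet1/0/2
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! Hypothetical hosts D and E: community ports, reach each other and Host B
interface range GigabitEthernet1/0/4 - 5
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! Verify the result with:
!   show vlan private-vlan
!   show interfaces GigabitEthernet1/0/1 switchport
```

A secondary VLAN left out of the promiscuous port's `private-vlan mapping` list cannot reach that port, so the mapping is the first thing to check when an isolated host cannot reach the shared service.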

Infrastructure Security
Configure and verify switch security features

