PVLAN Ports and Layer 2 connectivity

Consider the following scenario in which VLAN 300 has been partitioned into a PVLAN (private VLAN), consisting of the following VLANs and ports:

  • The primary VLAN (VLAN 300) with the following ports:

    • One promiscuous port

    • Two interswitch link (ISL) ports (PVLAN member ports).

  • One isolated VLAN (VLAN 301) with 2 ports.

  • Two community VLANs (VLAN 302 and VLAN 303), each with 2 ports.

At the Layer 2 level:

  • The promiscous port can communicate with all the other ports, including ports in the isolated VLAN and through interswitch link (ISL) ports (PVLAN member ports).

  • The community VLAN ports can communicate with the promiscuous port, other ports in the same community VLAN, but not with ports in any isolated VLAN or in other community VLANs. Traffic from community VLAN ports can traverse through interswitch link (ISL) ports (PVLAN member ports) to other ports belonging to the same community VLAN.

  • The isolated VLAN ports can communicate with the promiscuous port only. However, traffic from the isolated VLAN ports can traverse through interswitch link (ISL) ports (PVLAN member ports) to a switch that has a promiscuous port.