Private VLANs (PVLANs) prevent layer 2 connectivity between hosts on a switch that sit in the same VLAN/subnet; this provides isolation without the need to re-address (re-IP) the hosts. This is useful when it is not desirable for host machines to be able to communicate with each other, e.g. DMZ or ISP environments (web hosting). In an enterprise environment with multiple services in a DMZ, a server may have no need to communicate with another server in the same DMZ; a PVLAN can be configured to isolate the servers from one another whilst still permitting traffic to the upstream router/firewall.
Primary Private VLAN
- Consists of multiple Secondary Private VLANs
- Carries traffic from promiscuous ports to isolated, community and other promiscuous ports in the same Primary Private VLAN

Secondary Private VLAN
- Is a child VLAN of the Primary and can be mapped to only one Primary Private VLAN
- Uses the same IP subnet as the Primary Private VLAN
- Hosts are assigned to the Secondary Private VLAN
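The forwarding rules above can be checked against a small model. The following is an added example (not part of the original page, and not any vendor's configuration) that goes slightly beyond the text by spelling out the standard isolated/community port semantics: isolated ports reach only promiscuous ports, community ports also reach their own community, and a secondary VLAN may belong to only one primary. The port names, VLAN numbers and DMZ layout are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

@dataclass(frozen=True)
class Port:
    name: str
    primary: int                      # Primary Private VLAN the port belongs to
    kind: str                         # PROMISCUOUS, ISOLATED or COMMUNITY
    secondary: Optional[int] = None   # Secondary Private VLAN (host ports only)

def validate(ports: List[Port]) -> None:
    """Structural rules: a promiscuous port has no secondary VLAN, a host port
    has one, and a secondary VLAN is mapped to exactly one primary."""
    owner: Dict[int, int] = {}
    for p in ports:
        if (p.kind == PROMISCUOUS) != (p.secondary is None):
            raise ValueError(f"{p.name}: bad secondary VLAN for a {p.kind} port")
        if p.secondary is not None:
            if owner.setdefault(p.secondary, p.primary) != p.primary:
                raise ValueError(f"secondary VLAN {p.secondary} mapped to two primaries")

def can_forward(src: Port, dst: Port) -> bool:
    """Layer 2 reachability between two ports of the same PVLAN switch."""
    if src.primary != dst.primary:
        return False            # different primaries never meet at layer 2
    if PROMISCUOUS in (src.kind, dst.kind):
        return True             # promiscuous <-> isolated, community, promiscuous
    if src.kind == COMMUNITY and dst.kind == COMMUNITY:
        return src.secondary == dst.secondary   # same community only
    return False                # isolated ports reach only promiscuous ports

def reachability(ports: List[Port]) -> Dict[str, List[str]]:
    """Map each port to the other ports it can reach at layer 2."""
    validate(ports)
    return {a.name: [b.name for b in ports if a is not b and can_forward(a, b)]
            for a in ports}

# Constructed DMZ: the firewall uplink is promiscuous, the web servers are
# isolated from everything but the uplink, the app servers share a community.
DMZ = [
    Port("fw-uplink", 100, PROMISCUOUS),
    Port("web1", 100, ISOLATED, 101),
    Port("web2", 100, ISOLATED, 101),
    Port("app1", 100, COMMUNITY, 102),
    Port("app2", 100, COMMUNITY, 102),
]

if __name__ == "__main__":
    for port, peers in reachability(DMZ).items():
        print(f"{port:10} -> {peers}")
```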