PVLAN: True Statement | CCIE Security Exam | Cisco

PVLAN: True Statement about Private VLAN | CCIE Security Exam | Cisco

Prev Question Next Question

Question

Which statement about the PVLAN is true?

Answers

A. Promiscuous ports can only communicate with other promiscuous ports.

B. Isolated ports cannot communicate with the other promiscuous ports.

C. Community ports can communicate with the other promiscuous ports but not with the other community ports.

D. Isolated ports can communicate with the other isolated ports only.

E. Promiscuous ports can communicate with all the other type of ports.

F. Community ports can communicate with the other community ports but not with promiscuous ports.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E. F.

Private VLANs (PVLANs) provide layer 2 isolation between ports within the same VLAN. PVLANs divide a single VLAN into multiple isolated segments, allowing administrators to segment traffic between ports without the need for separate VLANs and subnets. PVLANs provide three types of ports:

Promiscuous port: This port can communicate with all other PVLAN ports within the same PVLAN domain, including isolated and community ports. It is typically connected to a router, firewall, or other device that needs to communicate with all devices in the PVLAN domain.
Isolated port: This port can communicate only with the promiscuous port within the same PVLAN domain. It cannot communicate with other isolated or community ports within the same PVLAN domain. The isolated port is used to provide isolation between ports that share the same VLAN but should not communicate with each other.
Community port: This port can communicate with other community ports and the promiscuous port within the same PVLAN domain. It cannot communicate with isolated ports or community ports in other PVLAN domains.

Based on the above information, let's evaluate each statement:

A. Promiscuous ports can only communicate with other promiscuous ports. - This statement is incorrect. Promiscuous ports can communicate with all other PVLAN ports within the same PVLAN domain, including isolated and community ports.

B. Isolated ports cannot communicate with the other promiscuous ports. - This statement is correct. Isolated ports can only communicate with the promiscuous port within the same PVLAN domain.

C. Community ports can communicate with the other promiscuous ports but not with the other community ports. - This statement is incorrect. Community ports can communicate with other community ports and the promiscuous port within the same PVLAN domain.

D. Isolated ports can communicate with the other isolated ports only. - This statement is incorrect. Isolated ports cannot communicate with other isolated ports or community ports within the same PVLAN domain.

E. Promiscuous ports can communicate with all the other type of ports. - This statement is correct. Promiscuous ports can communicate with all other PVLAN ports within the same PVLAN domain, including isolated and community ports.

F. Community ports can communicate with the other community ports but not with promiscuous ports. - This statement is incorrect. Community ports can communicate with other community ports and the promiscuous port within the same PVLAN domain.

Therefore, the correct statement about PVLAN is B: Isolated ports cannot communicate with the other promiscuous ports.

Prev Question Next Question