
pvlan and configuration

Hi all,

Can anybody discuss PVLANs? What's the difference between ordinary VLANs and PVLANs? Comparisons, and how we can configure them; if anybody can clearly explain this, that will be a great thing.

What's the relation between dynamic VLANs and PVLANs?




Jon Marshall

Hi Binoy

Private vlans are a security feature. It is about restricting traffic between servers/hosts within the same vlan. So it is a layer 2 feature. In essence you have 3 types of ports:

1) promiscuous - can talk to all ports in the private vlan - typically this is the SVI for the vlan which takes care of the routing.

2) community ports - a group of ports that can talk to each other and the promiscuous port.

3) isolated ports - can only talk to promiscuous port.

This allows you to be very granular in the traffic flows within the vlan.

Dynamic vlans are the ability to assign a switchport into a vlan based on the mac-address of the client. You need a Vlan Membership Policy server for these and there is a large administrative overhead to maintain the list of mac address to vlan mappings. It is a very loose form of security as mac addresses can be spoofed quite easily.


Hi Jon,

Thanks for your reply.

Suppose in a network I've 6 departments like Accounts, IT, Admin... so in such a scenario, how are PVLANs going to help me?

Do I need to create separate VLANs for each department, or is there some other way?

Based on the Active Directory user name, can I allocate the users into separate VLANs?

If I've an ACS engine 4.1, how is it going to help me?

I will rate all the posts; please give some inputs.




Your scenario doesn't require Pvlans to be configured.

Configure 6 vlans for each department and assign users from that department to that particular VLAN.

I am not sure what you want to do with your ACS server. It is basically used for authenticating users logging on to a network device like switches, routers etc.

HTH, rate if it does


Hi Narayan, thanks for your reply.

My scenario is like this: I've 4 buildings within a campus. Building 1 is where I'm going to place my core 6500, and in the remaining 3 buildings I've 200 users each, 600 users in total in these 3. The aim is to create VLANs, so building 2 will be another VLAN, and in case a guy from building 2 comes to building 3 he should also get access; by mapping the username he should go to the VLAN group. I'm not clear on how to start and from where I should start.

In this scenario, in each of these buildings I've 10 3560 switches with fibers connecting directly to the 6500.

I've Active Directory on a 2003 server, so I'm planning to map the user names from this server to ACS engine 4.1 for max security.

So how can I start? I've not done any implementation like this, so if you can give some inputs that will be a great thing.

I will rate all the posts.

