12.VACL-Protected Port-Private VLAN
VLAN Access-List
Types of ACLs
Configuring VACLs
Private VLAN
Access Switch: Protected Port
Switch(config-vlan)#private-vlan association {secondary_vlan_list | add svl | remove svl}
• Isolated: Communicate with only promiscuous ports
• Promiscuous: Communicate with all other ports
• Community: Communicate with other members of community and all promiscuous ports
Isolated PVLAN Configuration
• DNS, web, and SMTP servers are in the DMZ and in the same subnet
• DNS servers can communicate with each other and with the router
• Web and SMTP servers can communicate only with the router
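An added example, not taken from the original slides: one way to build the DMZ scenario above on a Cisco IOS switch, with the DNS servers in a community VLAN, the web and SMTP servers in an isolated VLAN, and the router on a promiscuous port. The VLAN IDs (100, 201, 202) and the interface numbers are assumptions chosen for illustration.

```cisco
! Example values only: VLAN IDs and interface numbers are assumptions.
! Private VLANs require VTP transparent mode when VTP version 1 or 2 is in use.
vtp mode transparent
!
! Secondary VLAN for web and SMTP servers: hosts reach only promiscuous ports.
vlan 201
 private-vlan isolated
!
! Secondary VLAN for DNS servers: hosts reach each other and promiscuous ports.
vlan 202
 private-vlan community
!
! Primary VLAN carries the shared DMZ subnet and ties in both secondary VLANs.
vlan 100
 private-vlan primary
 private-vlan association 201,202
!
! DNS servers: host ports in the community VLAN.
interface range FastEthernet0/1 - 2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 202
!
! Web and SMTP servers: host ports in the isolated VLAN.
interface range FastEthernet0/3 - 4
 switchport mode private-vlan host
 switchport private-vlan host-association 100 201
!
! Router: promiscuous port mapped to the primary and both secondary VLANs.
interface FastEthernet0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 201,202
```

The result can be checked with show vlan private-vlan and show interfaces FastEthernet0/24 switchport, which list the primary-to-secondary associations and the port's private VLAN mode.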
PVLAN Example (Cont.)