Isolation in Advanced Zone Using Private VLAN
About Private VLAN

In an Ethernet switch, a VLAN is a broadcast domain in which hosts can establish direct communication with one another at Layer 2. Private VLAN is designed as an extension of the VLAN standard to add further segmentation of the logical broadcast domain. A regular VLAN is a single broadcast domain, whereas a private VLAN partitions a larger VLAN broadcast domain into smaller sub-domains. A sub-domain is represented by a pair of VLANs: a Primary VLAN and a Secondary VLAN. The original VLAN that is being divided into smaller groups is called the Primary, which implies that all VLAN pairs in a private VLAN share the same Primary VLAN. All the Secondary VLANs exist only inside the Primary. Each Secondary VLAN has a specific VLAN ID associated with it, which differentiates one sub-domain from another.

For further reading:

Understanding Private VLANs
Cisco Systems' Private VLANs: Scalable Security in a Multi-Client Environment
Private VLAN (PVLAN) on vNetwork Distributed Switch - Concept Overview (1010691)
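As an added illustration (not part of the original guide or of CloudStack's code), the sketch below models Primary/Secondary VLAN pairs, validates a planned layout, and checks which endpoints can reach each other directly at Layer 2. It goes beyond the text above by assuming the standard private VLAN port types (promiscuous, isolated, community) described in the Cisco reference listed under further reading; all names and VLAN IDs are constructed.

```python
from dataclasses import dataclass

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

@dataclass(frozen=True)
class Port:
    name: str
    primary: int    # Primary VLAN ID shared by every pair in the private VLAN
    secondary: int  # Secondary VLAN ID that identifies the sub-domain
    kind: str       # assumed port type of the Secondary VLAN

def validate(ports):
    """Return a list of layout errors for one private VLAN."""
    errors = []
    primaries = {p.primary for p in ports}
    if len(primaries) > 1:
        errors.append(f"pairs must share one Primary VLAN, found {sorted(primaries)}")
    kinds = {}
    for p in ports:
        for vid in (p.primary, p.secondary):
            if not 1 <= vid <= 4094:  # usable 802.1Q VLAN ID range
                errors.append(f"{p.name}: VLAN ID {vid} outside 1-4094")
        if kinds.setdefault(p.secondary, p.kind) != p.kind:
            errors.append(f"{p.name}: Secondary {p.secondary} used with two port types")
    return errors

def can_talk_l2(a, b):
    """True if a and b can exchange frames directly at Layer 2."""
    if a.primary != b.primary:
        return False
    if PROMISCUOUS in (a.kind, b.kind):
        return True
    if a.kind == b.kind == COMMUNITY:
        return a.secondary == b.secondary
    return False  # isolated ports reach only promiscuous ports

# Constructed sample layout: Primary VLAN 100 split into three sub-domains.
GATEWAY = Port("gateway", 100, 100, PROMISCUOUS)
VM_A = Port("vm-a", 100, 101, ISOLATED)
VM_B = Port("vm-b", 100, 101, ISOLATED)
WEB1 = Port("web1", 100, 102, COMMUNITY)
WEB2 = Port("web2", 100, 102, COMMUNITY)
DB1 = Port("db1", 100, 103, COMMUNITY)
SAMPLE = [GATEWAY, VM_A, VM_B, WEB1, WEB2, DB1]

if __name__ == "__main__":
    print("layout errors:", validate(SAMPLE))
    for a, b in [(VM_A, VM_B), (VM_A, GATEWAY), (WEB1, WEB2), (WEB1, DB1)]:
        print(f"{a.name} <-> {b.name}: {can_talk_l2(a, b)}")
```

Two isolated guests on the same Secondary VLAN still cannot reach each other, which is the isolation property a private VLAN adds over a regular VLAN.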
Prerequisites

Ensure that you configure private VLAN on your physical switches out-of-band.