When a switch is configured with private VLANs, which of the following ports can an isolated port communicate
with? (Select the best answer.)
A.
ports within the same community
B.
ports within a different community
C.
other isolated ports
D.
promiscuous ports
Explanation:
An isolated port can communicate with promiscuous ports when a switch is configured with private virtual
LANs (VLANs). Private VLANs can be configured on a switch to help isolate traffic within a VLAN. Private
VLANs can provide Layer 2 separation between ports that belong to the same VLAN. Because the separation
exists at Layer 2, the hosts can exist on the same IP subnet. The VLAN to which the hosts belong is called the
primary VLAN. To create a private VLAN, you must create secondary VLANs and associate them with the
primary VLAN. There are two types of secondary VLANs: community VLANs and isolated VLANs. Ports that
belong to a community VLAN can communicate with promiscuous ports and with other ports that belong to the
same community. However, they cannot communicate with isolated ports or with ports that belong to other
communities. Ports that belong to an isolated VLAN can communicate only with promiscuous ports.
After configuring the private VLAN, you can configure ports to participate in the private VLAN. When configuring
a port to participate in a private VLAN, you must configure the port by issuing the switchport mode privatevlan
{promiscuous | host} command. The promiscuous keyword configures the port to communicate with any
secondary VLAN. Consequently, devices that should be reachable from any secondary VLAN should beconnected to promiscuous ports. For example, a router, a firewall, or a gateway that any host should be able to
reach should be connected to a promiscuous port. By contrast, devices connected to isolated or community
VLANs should be connected to host ports, which are configured by using the host keyword.Cisco: Configuring Private VLANs: Understanding Private VLANs