Which of the following statements is true regarding private VLANs? (Select the best answer.)
A. Isolated ports can communicate only with other isolated ports in the same isolated VLAN.
B. Only a single community VLAN can be associated with a primary VLAN.
C. Community VLANs can send traffic to isolated ports but cannot receive traffic from them.
D. Every port in a private VLAN is a member of the primary VLAN.
Explanation:
Every port in a private virtual LAN (VLAN) is a member of the primary virtual LAN (VLAN). Private VLANs can
be configured on a switch to help isolate traffic and provide Layer 2 separation between ports that belong to the
same VLAN. Because the separation exists at Layer 2, the hosts can exist on the same IP subnet. The VLAN
to which the hosts belong is called the primary VLAN. To create a private VLAN, you must create one or more
secondary VLANs and associate the secondary VLANs with the primary VLAN. There are two types of
secondary VLANs: community VLANs and isolated VLANs.
When configuring a port to participate in a private VLAN, you must configure the port by issuing the switchport
mode private-vlan {promiscuous | host} command. The promiscuous keyword configures the port to communicate
with any secondary VLAN. Consequently, devices that should be reachable from any secondary
VLAN should be connected to promiscuous ports. For example, a router, a firewall, or a gateway that any host
should be able to reach should be connected to a promiscuous port. By contrast, devices connected to isolated
or community VLANs should be connected to host ports, which are configured by using the host keyword.
You can configure a primary VLAN by issuing the private-vlan primary command, and you can configure
secondary VLANs by issuing the private-vlan {isolated | community} command. Devices connected to a
community VLAN can communicate with other devices on the community VLAN as well as with the primary
VLAN. However, no devices on the community VLAN can communicate with a device that is connected to an
isolated port.
Ports that belong to an isolated VLAN can communicate only with promiscuous ports. Any traffic received from
isolated ports is forwarded only to promiscuous ports; thus isolated ports cannot communicate directly with
each other.

Cisco: Configuring Private VLANs: Understanding Private VLANs
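
The configuration described in the explanation, written out as an added example (not taken from the original page or from the cited Cisco document). The VLAN IDs and interface names are constructed placeholders, and the `private-vlan association`, `switchport private-vlan host-association` and `switchport private-vlan mapping` commands are standard Catalyst IOS commands that the explanation does not quote.

```cisco
! Constructed example: VLAN IDs 100-102 and the interface names are placeholders.
! Private VLANs require VTP transparent mode when VTP version 1 or 2 is in use.
vtp mode transparent
!
! Secondary VLANs: one community VLAN and one isolated VLAN.
vlan 101
 private-vlan community
!
vlan 102
 private-vlan isolated
!
! Primary VLAN. The association is what ties the secondary VLANs to it,
! so every port below is also a member of primary VLAN 100.
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Promiscuous port for the router, firewall or gateway.
! The mapping lists every secondary VLAN allowed to reach this port.
interface GigabitEthernet0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! Two host ports in community VLAN 101: they reach each other
! and the promiscuous port, but not the isolated ports.
interface GigabitEthernet0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
interface GigabitEthernet0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Two host ports in isolated VLAN 102: each reaches only the
! promiscuous port, not the other isolated port and not VLAN 101.
interface GigabitEthernet0/4
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
interface GigabitEthernet0/5
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
```

After applying a configuration like this, `show vlan private-vlan` lists each primary-to-secondary association with its type and member ports, which is the quickest check that no host port was left outside the intended secondary VLAN.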