Private VLANs can be configured as which three port types? (Choose three.)
A. isolated
B. protected
C. private
D. associated
E. promiscuous
F. community
Explanation:
A primary VLAN can be logically associated with special unidirectional, or secondary, VLANs.
Hosts associated with a secondary VLAN can communicate with ports on the primary VLAN
(a router, for example), but not with another secondary VLAN. A secondary VLAN is
configured as one of the following types:
• Isolated—Any switch ports associated with an isolated VLAN can reach the primary VLAN
but not any other secondary VLAN. In addition, hosts associated with the same isolated
VLAN cannot reach each other. They are, in effect, isolated from everything except the
primary VLAN.
• Community—Any switch ports associated with a common community VLAN can
communicate with each other and with the primary VLAN but not with any other secondary
VLAN. This provides the basis for server farms and workgroups within an organization, while
giving isolation between organizations.
You must configure each physical switch port that uses a private VLAN with a VLAN
association. You also must define the port with one of the following modes:
• Promiscuous—The switch port connects to a router, firewall, or other common gateway
device. This port can communicate with anything else connected to the primary or any
secondary VLAN. In other words, the port is in promiscuous mode, in which the rules of
private VLANs are ignored.
• Host—The switch port connects to a regular host that resides on an isolated or community
VLAN. The port communicates only with a promiscuous port or ports on the same
community VLAN.
Reference:
CCNP BCMSN Official Exam Certification Guide, Fourth Edition, Chapter 16: Securing with
VLANs, Private VLANs, p. 414