An administrator creates a Private VLAN with a Primary VLAN ID of 2. The administrator than creates three Private VLANs as follows:
Marketing
PVLAN ID. 4
PVLAN Type. Isolated
Accounting
PVLAN ID. 5
PVLAN Type. Community
Secretary
PVLAN ID. 17
PVLAN Type. Isolated
Users in the Accounting PVLAN are reporting problems communicating with servers in the Marketing PVLAN.
Which two actions could the administrator take to resolve this problem? (Choose two.)
A.
Change the PVLAN type for the Accounting network to Promiscuous.
B.
Change the PVLAN ID for the Accounting network to 2.
C.
Change the PVLAN type for Marketing network to Promiscuous.
D.
Change the PVLAN ID for Accounting network to 4.
Explanation:
Explanation/Reference:
A and B are correct
“Isolated: A node attached to a port in an isolated secondary PVLAN may only send to and receive packets from the promiscuous PVLAN.”
“Notes:
Promiscuous PVLANs have the same VLAN ID both for Primary and Secondary VLAN.
Community and Isolated PVLANs traffic travels tagged as the associated Secondary PVLAN.”
Marketing is an isolated secondary PVLAN, son only can receive from the Promiscuous PVLAN.
Accounting is community, therefore we need to change Accounting to Promiscuous (A)
If we change the PVLAN ID for the Accounting to 2, we are actually setting Accounting to Promiscuous as well. (B)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1010691
A and C are correct.
The question states the Primary PVLAN is 2. “A private VLAN is identified by its primary VLAN ID. A primary VLAN ID can have multiple secondary VLAN IDs associated with it. ”
“Primary VLANs are Promiscuous”
“Ports on a secondary VLAN can be either Isolated, communicating only with promiscuous ports, or Community, communicating with both promiscuous ports and other ports on the same secondary VLAN.”
A, Correct because Promiscuous or aka Primary PVLANs can communicate with Isolated or Community ports.
B, Incorrect because you can not have duplicate Primary or secondary PVLANs or a secondary PVLAN ID that is the same as its Primary PVLAN ID.
C, Correct because Promiscuous or aka Primary PVLANs can communicate with Isolated or Community ports.
D, Incorrect because you can not change a PVLAN ID once it has been set, only remove or change type.
Note: The question is tricky and flawed.
1) You cant change a secondary PVLAN ID type to anything but Isolated or Community.
2) There can only be one Isolated secondary PVLAN per Primary PVLAN. So the scenario with a PVLAN ID 17 and PVLAN ID 4 both being Isolated isnt even possible.
https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.hostclient.doc%2FGUID-07167C1A-AC5A-40FE-A50F-5BA9DD138CA0.html
A and B are the answers they are looking for..
However, this question still doesnt make much sense, but I’ve thought about how these answers may work.
A and B can be correct, if you change the distributed virtual switch port group for the “Accounting” VM’s to use PVLAN (2,2).
The Primary VLAN is 2 and as such a secondary PVLAN is created with ID 2 as type “Promiscuous” by default and CANNOT BE CHANGED. Answer “A” implies that the “Type” for PVLAN ID 5 can simply be changed to “Promiscuous”, which it cant.
http://www.mikelaverick.com/2014/03/back-to-basics-private-vlan-4-of-n/
http://wahlnetwork.com/2012/05/14/understanding-vsphere-private-vlans-for-fun-and-profit/
Isn’t this questions flawed by virtue of the fact that only one Isolated secondary Private VLAN ID is allowed per Primary private VLAN ID ?
Under circumstances, I think we should ignore pvlan id 17 since it’s not part of the question anyway (communications in question are between other “departments”).
As everything can communicate with promiscuous / primary in either directions, both ‘A’ and ‘C’ are correct.
Considering what VIguy said earlier re: the option of changing the Accounting network to the primary id, ‘B’ also ca be correct. Tough choice indeed…
As it is not possible for specific pvlan id to change its type to promiscuous, we can move accounting to the marketing pvlan (community) or change accounting pvlan id to 2 (promiscuous). It implies b&d, isn’t it?
AB
B: Promiscuous PVLANs have the same VLAN ID both for Primary and Secondary VLAN