Private VLAN

What is a Private VLAN?

A VLAN (Virtual LAN or Virtual local area network) is a broadcast domain that partitions a computer network at the data link layer. The goal is to separate network applications from each other while sharing the same network equipment, such as cables and switches. On top of certain logistical benefits, it allows for also isolation applications to improve overall network security.

A Private VLAN uses two types of main VLANs (or ports):

1. Promiscuous (P-Ports): These ports can communicate inbound and outbound traffic with all other ports on the VLAN.
2. Host ports:

  • Isolated (I-Ports): Only communicates with P-Ports.
  • Community (C-Ports): Only communicates with ports in the same community VLAN or P-Ports.

Why Rock Island Private VLANs?

Private VLAN is to enforce network segregation, both internally and externally. Internally, customers who should be able to communicate with their separate office can be placed within the same community VLANs.

The logical layering of the network into primary and secondary VLANs allows for this type of isolation while also allowing top-down network-wide communication via a single point-of-contact or uplink.

Externally, protects customers by not allowing them to directly communicate with hosts outside the network. All traffic that moves in and out of the primary VLAN will pass through a single router which can enforce traffic filtering or a firewall. This drastically shrinks the overall exposure boundary of the network. It can also help carry out more effective network forensics or network intrusion detection and prevention.

Benefits of Private VLAN:

  • You can migrate from a flat network to a segregated network without changing host IP addresses.
  • You can preserve IP addressing because all secondary VLANs share the same subnet.
    There is no need to separate the IP subnet for each customer.
  • The firewall interface does not need to be adjusted as the number of VLANs scales.



Automated, adaptive, and modernized network infrastructure

We help you evolve how your employees, customers, and things connect, enabling superior and secure experiences by implementing automated, assurance-driven networking. Ensure cyber-resilient and cloud-optimized connectivity, allowing users to be connected anytime, from anywhere, and with any device.

The network is the foundation for digital transformation 

We advance agility, transformation, and automation for your business through our intelligent and secure network fabric. Our networking services are secure by design, efficiently supporting and managing the most demanding software-defined, high-performance hybrid environments.