Last Updated on August 1, 2021 by Admin 2
Which PVLAN port type can only send frames to promiscuous ports?
There are three types of ports in a private VLAN (PVLAN): promiscuous, isolated, and community. A PVLAN isolated port type can only send frames to promiscuous ports.
Consider the following graphic:
Host B is attached to a promiscuous mode port. In this mode, Host B can send frames to and receive frames from other promiscuous, isolated, or community ports assigned to the same private VLAN. Therefore, frames can be exchanged with Hosts A or C. Hosts A and C are attached to isolated ports. Isolated ports are able to send frames to promiscuous ports but not to each other.
Isolated and promiscuous ports can be combined to achieve a desired level of separation between particular machines while still allowing required access to services. As another example, suppose that security policy dictates that Host A and Host C cannot communicate with one another, but both computers need to access a database on Host B. The isolated ports keep them from communicating with one another, while the use of a promiscuous port to Host B allows them to access the database. Any other resources in the network that either machine needs access to should therefore be connected through a promiscuous port.
The third type of port is a community port. A community port can communicate with other community ports of the same private VLAN or with promiscuous ports.
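The forwarding rules for the three port types can be written as a small model and used to check a port plan against the separation policy described above. This is an added example, not part of the original page: the VLAN numbers, Hosts D and E, and all function names are assumptions, and the model treats community ports as reachable from each other only within the same community (secondary) VLAN.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Port:
    host: str
    kind: str                        # "promiscuous", "isolated" or "community"
    primary: int                     # primary VLAN of the private VLAN
    community: Optional[int] = None  # secondary VLAN id, community ports only

def can_send(src: Port, dst: Port) -> bool:
    """Return True if a frame from src may be delivered to dst."""
    if src is dst or src.primary != dst.primary:
        return False                 # a different primary VLAN is a different L2 domain
    if "promiscuous" in (src.kind, dst.kind):
        return True                  # promiscuous ports talk to every port type
    if src.kind == dst.kind == "community":
        return src.community == dst.community
    return False                     # isolated-isolated and isolated-community

def audit(ports, must_reach, must_not_reach):
    """Compare a port plan with policy; return a list of violation strings."""
    by_host = {p.host: p for p in ports}
    problems = []
    for a, b in must_reach:
        if not (can_send(by_host[a], by_host[b]) and can_send(by_host[b], by_host[a])):
            problems.append(f"{a} cannot reach {b}")
    for a, b in must_not_reach:
        if can_send(by_host[a], by_host[b]) or can_send(by_host[b], by_host[a]):
            problems.append(f"{a} can reach {b}")
    return problems

# Constructed sample data: the page's Hosts A, B, C plus hypothetical D and E.
PLAN = [
    Port("A", "isolated", 100),
    Port("B", "promiscuous", 100),
    Port("C", "isolated", 100),
    Port("D", "community", 100, community=102),
    Port("E", "community", 100, community=102),
]
POLICY_REACH = [("A", "B"), ("C", "B"), ("D", "E")]
POLICY_DENY = [("A", "C"), ("A", "D")]

# Same plan with the database host B mistakenly left on an isolated port.
BAD_PLAN = [Port("B", "isolated", 100) if p.host == "B" else p for p in PLAN]

if __name__ == "__main__":
    print(audit(PLAN, POLICY_REACH, POLICY_DENY))
    print(audit(BAD_PLAN, POLICY_REACH, POLICY_DENY))
```

The second plan shows the failure mode the page warns about: a shared resource that is not on a promiscuous port becomes unreachable from the isolated hosts.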
Configure and verify switch security features