Tech Note: Private VLAN

Ankit
1 min read · Oct 16, 2022

Private VLAN, or PVLAN for short, is a type of VLAN (Virtual LAN) which provides even further segregation of hosts.

VLANs, as you might know, provide logical segregation of hosts over a single LAN. Without VLANs, all the hosts connected to a single switch can see each other’s traffic. VLANs provide a level of isolation such that only hosts/stations belonging to the same VLAN can see each other’s traffic/frames.

But at times even this isolation is not sufficient, and we want fine-grained control over traffic within the VLAN itself. That’s where the concept of Private VLAN, or PVLAN, comes in.

With PVLAN, we have one or more secondary VLANs mapping to a single primary VLAN and, depending on the type of the secondary VLAN, the traffic on it always comes to the primary VLAN and is not handed over to / seen by other hosts on the secondary VLAN. Thus we can do policy enforcement on traffic within a VLAN as well. This is particularly useful in virtualized environments, where we might want to inspect the traffic between the VMs connected to a single DVS and do not want the traffic to be switched by the DVS. This is also called micro-segmentation.

For more information on PVLAN, take a look at:
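The forwarding rule described above, modelled as an added example (not part of the original note). The port-type names (promiscuous, isolated, community) are the standard PVLAN terms rather than wording from this page, and the VLAN ids, port names and the `config_errors` helper are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

@dataclass(frozen=True)
class Port:
    name: str
    primary: int                     # primary VLAN id
    kind: str                        # PROMISCUOUS, ISOLATED or COMMUNITY
    secondary: Optional[int] = None  # secondary VLAN id (None for promiscuous)

def can_forward(src: Port, dst: Port) -> bool:
    """True if the switch may deliver a frame from src directly to dst."""
    if src.name == dst.name or src.primary != dst.primary:
        return False  # separate primaries: ordinary VLAN isolation applies
    if PROMISCUOUS in (src.kind, dst.kind):
        return True   # the promiscuous port (router/firewall) reaches everyone
    if src.kind == dst.kind == COMMUNITY:
        return src.secondary == dst.secondary  # same community only
    return False      # isolated hosts never reach other host ports

def direct_peers(port: Port, ports: List[Port]) -> List[str]:
    """Names of the ports that `port` can exchange frames with at layer 2."""
    return sorted(p.name for p in ports if can_forward(port, p))

def config_errors(ports: List[Port]) -> List[str]:
    """Flag secondary VLAN ids reused with a conflicting type or primary."""
    seen, errors = {}, []
    for p in ports:
        if p.kind == PROMISCUOUS:
            continue
        if p.secondary is None:
            errors.append(f"{p.name}: host port without a secondary VLAN")
            continue
        kind, primary = seen.setdefault(p.secondary, (p.kind, p.primary))
        if (kind, primary) != (p.kind, p.primary):
            errors.append(f"{p.name}: VLAN {p.secondary} already used as "
                          f"{kind} under primary {primary}")
    return errors

# Constructed topology: primary 100, isolated 101, communities 102 and 103.
PORTS = [Port("fw", 100, PROMISCUOUS), Port("vm1", 100, ISOLATED, 101),
         Port("vm2", 100, ISOLATED, 101), Port("web1", 100, COMMUNITY, 102),
         Port("web2", 100, COMMUNITY, 102), Port("db1", 100, COMMUNITY, 103)]

if __name__ == "__main__":
    for port in PORTS:
        print(f"{port.name:5} -> {direct_peers(port, PORTS)}")
    print(config_errors(PORTS) or "no mapping conflicts")
```

Every path between two isolated hosts, or between hosts in different communities, has to go through `fw`, which is where the inspection and policy enforcement happen.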

Private VLAN — Wikipedia

Understanding Private VLANs — TechLibrary — Juniper Networks
