CISCO CCNP SWITCH 642-813: Private VLAN

Quick review:

A private VLAN always has one primary VLAN. Within the primary VLAN you will find the promiscuous port. All other ports are able to communicate with the promiscuous port. The default gateway is usually connected to the promiscuous port.

Within the primary VLAN you will encounter one or more secondary VLANs. There are two types:

– community VLAN: all ports within the community VLAN are able to communicate with each other and with the promiscuous port;
– isolated VLAN: all ports within the isolated VLAN are unable to communicate with each other, but they can communicate with the promiscuous port.

Note: Before you start configuring PVLAN, you must set VTP mode to transparent.

1. Create primary/secondary VLANs
2. Associate secondary VLANs to the primary VLAN
3. Configure interfaces as promiscuous/isolated/community interfaces
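
The note and the three steps above as one complete Cisco IOS configuration. This is an added example, not part of the original post; it reuses VLAN IDs 20, 501 and 502 from the exhibit in question 4, and the interface numbers and port roles are assumptions.

```ios
configure terminal
! Prerequisite: VTP must be in transparent mode before PVLANs are configured
vtp mode transparent
!
! Step 1: create the secondary VLANs and the primary VLAN
vlan 501
 private-vlan isolated
vlan 502
 private-vlan community
vlan 20
 private-vlan primary
 ! Step 2: associate the secondary VLANs with the primary VLAN
 private-vlan association 501-502
 exit
!
! Step 3a: promiscuous port (assumed uplink to the default gateway),
! mapped to the primary VLAN and every secondary VLAN it must reach
interface GigabitEthernet0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 20 501-502
!
! Step 3b: isolated host port (assumed), reaches only the promiscuous port
interface GigabitEthernet0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 20 501
!
! Step 3c: community host port (assumed), reaches other ports in
! VLAN 502 and the promiscuous port
interface GigabitEthernet0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 20 502
 end
!
! Verify the VLAN types, the association and the per-port mode
show vlan private-vlan
show interfaces GigabitEthernet0/2 switchport
```

A host port that has no `host-association`, or a promiscuous port whose `mapping` omits a secondary VLAN, will not pass traffic for that secondary VLAN, so check both in the `show` output.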

################################################################################

1. Private VLANs can be configured as which three of these port types? (Choose three)

A. isolated
B. protected
C. private
D. associated
E. promiscuous
F. community

Answer: A E F

2. A switch has been configured with Private VLANs. With which type of PVLAN port should the default gateway be configured?

A. Trunk
B. Isolated
C. Primary
D. Community
E. Promiscuous

Answer: E

3. When configuring private VLANs, which configuration task must you do first?

A. Configure the private VLAN port parameters.
B. Configure and map the secondary VLAN to the primary VLAN.
C. Disable IGMP snooping.
D. Set the VTP mode to transparent.

Answer: D

4. Refer to the exhibit. From the configuration shown, what can you determine about the private VLAN configuration?

Switch# configure terminal
Switch(config)# vlan 20
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# exit
Switch(config)# vlan 501
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
Switch(config)# vlan 502
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# exit
Switch(config)# vlan 503
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# private-vlan association 501-503
Switch(config-vlan)# end

A. Only VLAN 503 will be the community PVLAN because multiple community PVLANs are not allowed.
B. Users of VLANs 501 and 503 will be able to communicate.
C. VLAN 502 is a secondary VLAN.
D. VLAN 502 will be a standalone VLAN because it is not associated with any other VLANs.

Answer: C

5. Refer to the exhibit. What can be concluded about VLANs 200 and 202?

Switch# show vlan private-vlan type

primary       secondary       type                  interfaces
202                           primary
200                           isolated

A. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic between community ports and to promiscuous ports.
B. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic from isolated ports to a promiscuous port.
C. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic between community ports and to promiscuous ports.
D. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic from isolated ports to a promiscuous port.

Answer: B

6. Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other, although they are located on the same subnet. The servers do need, however, to communicate with a database server located in the inside network. What configuration will isolate the servers from each other?

[Exhibit image: PVLAN]

A. The switch ports 3/1 and 3/2 will be defined as secondary VLAN community ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
B. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN community ports.
D. The switch ports 3/1 and 3/2 will be defined as secondary VLAN isolated ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.

Answer: D