6 Replies Latest reply: May 9, 2012 4:58 PM by Tasman D.West

    Private VLAN Promiscuous Port Limitation Question

    Paul Stewart  -  CCIE Security

      In Yusuf Bhaiji's book "Network Security Technologies and Solutions" page 86 states the following in regards to a Promiscuous PVLAN port.


      "Promiscuous: A promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.  The function of the promiscuous port is to move traffic between ports in community or isolated VLANs.  It can use access-lists to identify which traffic can pass between these VLANs.  Only one promiscuous port is allowed per single PVLAN, and it serves all the community and isolated VLANs in the Private VLAN."


      I know that a layer 3 device connected to the promiscuous port should take care (quite possibly via access-lists) not to become a proxy to other community and isolated connected hosts.  However, I'm not sure I am grasping his meaning.  Additionally, I am looking for confirmation on the limitation of "one" promiscuous port.  I have read the restrictions from the switch documentation and even found one example on the DocCD that seems to show multiple promiscuous ports connected to the same primary VLAN.
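The access-list safeguard Paul refers to for the layer 3 device on the promiscuous port, as an added configuration example that is not part of the original post or of the book: an isolated host can sidestep the PVLAN at layer 2 by sending a frame to the router's MAC address with another isolated host's IP address as the destination; the switch forwards it to the promiscuous port, and the router routes it straight back into the same subnet. The router ACL below drops any packet that is sourced from and destined to the PVLAN subnet, while still letting hosts reach the router's own address. The VLAN numbers (100 primary, 101 isolated, 102 community), interface names and the 10.1.1.0/24 addressing are assumptions; the switch side is shown only so the mapping between the promiscuous port and the secondary VLANs is visible.

```cisco
! ===== Switch side (assumed VLAN IDs and interface names) =====
! PVLANs need VTP transparent mode on platforms running VTP v1/v2
vtp mode transparent
!
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Isolated host port: talks only to the promiscuous port
interface GigabitEthernet0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Community host port: talks to other members of VLAN 102 and the promiscuous port
interface GigabitEthernet0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! Promiscuous port toward the router: mapped to every secondary VLAN it serves
interface GigabitEthernet0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! ===== Router side (assumed subnet 10.1.1.0/24, router at 10.1.1.1) =====
ip access-list extended PVLAN-NO-PROXY
 remark Hosts may still talk to the router itself (gateway, DHCP relay, etc.)
 permit ip 10.1.1.0 0.0.0.255 host 10.1.1.1
 remark Drop anything the router would otherwise route back into the PVLAN subnet
 deny   ip 10.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255
 remark Everything leaving the subnet is routed normally
 permit ip any any
!
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group PVLAN-NO-PROXY in
```

Without the deny entry, the promiscuous port's neighbour defeats the isolation that the switch enforces: the frame never crosses the isolated-to-isolated boundary at layer 2, but the routed copy does. The same same-subnet deny can instead be applied as a VACL on the primary VLAN if the layer 3 device is not under your control.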