The Ethernet protocol was designed to allow direct user-user layer 2 communication, when both users are situated on a common broadcast domain. There might be requirements where, in an untrusted domain, there is a need to prevent the users in the same broadcast domain from communicating with each other. This is achieved using a feature called private VLAN, or PVLAN, sometimes also referred to as protected port feature. This feature effectively disables direct layer 2 communication between protected ports and also VLANs within trunks if the feature is applied to a trunk interface. Only communication is allowed with the router port for the traffic from users to go out of the LAN. PVLAN prevents any sniffing of ...