Private VLANs on the Catalyst 6000
The Catalyst 6000 product line has introduced some enhancements to the switching arena for security purposes. We will discuss some of these in this section and see how they can be a useful security element in Layer 2 design.
A normal VLAN does not allow devices connected to it to be segregated from each other on Layer 2. This means that if a device on a VLAN becomes compromised, other devices on the same VLAN can also be attacked from that compromised device.
Private VLANs allow restrictions to be placed on the Layer 2 traffic on a VLAN.
There are three types of private VLAN ports:
Promiscuous ports— Communicate with all other private VLAN ports. This is generally the port used to communicate with the router/gateway ...
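The following CatOS configuration is an added example, not taken from the book, showing how the restriction described above is applied on a Catalyst 6000: hosts go into a secondary VLAN and the gateway sits on a promiscuous port. It assumes CatOS command syntax, an isolated secondary VLAN type (part of the private VLAN feature set, though the excerpt above only lists promiscuous ports so far), and constructed VLAN numbers (100, 101) and module/port numbers (3/1-10 for hosts, 3/48 for the gateway).

```cisco
! Added example (not from the book): CatOS private VLAN setup on a Catalyst 6000.
! Assumptions: VLAN 100 = primary, VLAN 101 = isolated secondary; ports 3/1-10
! host servers and port 3/48 connects the router/gateway. All values constructed.

! CatOS requires VTP transparent mode before private VLANs can be created.
set vtp mode transparent

! Define the primary private VLAN and an isolated secondary VLAN.
set vlan 100 pvlan-type primary
set vlan 101 pvlan-type isolated

! Bind the secondary VLAN to its primary.
set pvlan 100 101

! Place the server-facing ports into the isolated VLAN. Hosts on these ports
! can no longer exchange Layer 2 traffic with each other, so a compromised
! server cannot directly attack its neighbours on the same VLAN.
set pvlan 100 101 3/1-10

! Make 3/48 a promiscuous port by mapping the secondary VLAN to it, so every
! isolated host can still reach the router/gateway (and nothing else).
set pvlan mapping 100 101 3/48

! Verify the VLAN types, port assignments and promiscuous mapping.
show pvlan
show pvlan mapping
```

After applying this, a check from two hosts on ports in the 3/1-10 range should show they can reach the gateway on 3/48 but not each other; if they can still talk directly, confirm that both ports were assigned to VLAN 101 and not left in the primary VLAN.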