Which PVLAN port type can only send frames to promiscuous ports?
A. private
B. promiscuous
C. isolated
D. community
E. public
Correct Answer: C
Explanation/Reference:
Answer:
There are three types of ports in a private VLAN (PVLAN): promiscuous, isolated, and community. A PVLAN isolated port type can only send frames to promiscuous ports.
Consider the following graphic:
Host B is attached to a promiscuous mode port. In this mode, Host B can send and receive frames with other promiscuous, isolated, or community ports assigned to the same private VLAN. Therefore, frames can be exchanged with Hosts A or C. Hosts A and C are attached to isolated ports. Isolated ports are able to send frames to promiscuous ports but not to each other.
Isolated and promiscuous ports can be combined to achieve a desired level of separation between particular machines while still allowing required access to services. As another example, suppose that security policy dictates that Host A and Host C cannot communicate with one another, but both computers need to access a database on Host B. The isolated ports keep them from communicating with one another, while the use of a promiscuous port for Host B allows them to access the database. Any other resource in the network that either machine needs to access should therefore be connected to a promiscuous port.
The third type of port is a community port. A community port can communicate with other community ports of the same private VLAN or promiscuous ports.
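The Host A / Host B / Host C scenario above, written as a Cisco IOS-style private VLAN configuration. This is an added example, not taken from the original page or the referenced Cisco document; the VLAN IDs (100, 101, 102), the interface names, and the two community hosts are assumptions, and the community VLAN goes beyond the scenario to show the third port type.

```cisco
! Added example: VLAN IDs and interface names are assumptions, not from the page.
! Under VTP versions 1 and 2, private VLANs require transparent mode.
vtp mode transparent
!
vlan 101
 private-vlan isolated
!
vlan 102
 private-vlan community
!
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Host A: isolated port, may send frames only to the promiscuous port
interface GigabitEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Host C: isolated port, cannot reach Host A even though both use VLAN 101
interface GigabitEthernet0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Host B (database): promiscuous port, mapped to each secondary VLAN it serves
interface GigabitEthernet0/2
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! Hypothetical community hosts: reach each other and Host B, not Hosts A or C
interface range GigabitEthernet0/4 - 5
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
!
! Verification (privileged EXEC):
!   show vlan private-vlan
!   show interfaces GigabitEthernet0/1 switchport
```

A secondary VLAN left out of the promiscuous port's mapping has no path to Host B, so check the mapping list whenever a secondary VLAN is added.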
Objective: Infrastructure Security
Sub-Objective: Configure and verify switch security features
References:
Cisco > Home > Support > Product Support > End-of-Sale and End-of-Life Products > Cisco Catalyst 6000 Series Switches > Configure > Configuration Examples and Technotes > Securing Networks with Private VLANs and VLAN Access Control Lists
Think answers A, C and D are correct; private, isolated and community VLANs can communicate with promiscuous ports.
From The Official Cert Guide
■ Promiscuous: The switch port connects to a router, firewall, or other common gateway device. This port can communicate with anything else connected to the primary or any secondary VLAN. In other words, the port is in promiscuous mode, in which the rules of private VLANs are ignored.
■ Host: The switch port connects to a regular host that resides on an isolated or community VLAN. The port communicates only with a promiscuous port or ports on the same community VLAN.