The definition of Private VLAN is:
Virtual LAN (VLAN) is a mechanism to divide a broadcast domain into several logical broadcast domains.
Private VLAN is an extension to the VLAN standard, already available in several (most recent) physical switches. It adds a further segmentation of the logical broadcast domain, to create “Private” groups.
Private means that the hosts in the same PVLAN are not able to be seen by the others, except the selected ones in the promiscuous PVLAN.
Standard 802.1Q Tagging indicates there is no encapsulation of a PVLAN inside a VLAN, everything is done with one tag per packet.
No Double Encapsulation indicates that the packets are tagged according to the switch port configuration (EST mode), or they arrive already tagged if the port is a trunk (VST mode).
Switch software decides which ports to forward the frame, based on the tag and the PVLAN tables.
A Private VLAN is further divided into the groups:
Primary PVLAN – The original VLAN that is being divided into smaller groups is called Primary, and all the secondary PVLANs exist only inside the primary.
Secondary PVLANs – The secondary PVLANs exist only inside the primary. Each Secondary PVLAN has a specific VLAN ID associated to it, and each packet travelling through it is tagged with an ID as if it were a normal VLAN, and the physical switch associates the behavior (Isolated, Community or Promiscuous) depending on the VLAN ID found in each packet.
refer the below VMware KB link for more explanination
Thanks & Regards
Dharshan S
VCP 4.0,VTSP 5.0, VCP 5.0
