VLAN Vocabulary
- Community VLAN. This is the easiest type of VLAN to understand. Devices on this VLAN can communicate with other devices on the same community VLAN, as well as with promiscuous ports mapped to this VLAN.
- Two-way community VLAN. Similar to a community VLAN, but additionally allows ACLs to check traffic going to/from the VLAN.
- Dynamic VLANs. The VLAN of a port is assigned based on the MAC address of the device connected to the port, by querying a database.
- Private VLAN. Three types of ports exist in a private VLAN:
  - Promiscuous ports can communicate with any other port.
  - Isolated (a.k.a. "protected") ports can only communicate with promiscuous ports.
  - Community ports can communicate among themselves and with promiscuous ports. Note that several independent communities may exist inside a private VLAN.
- PVLAN Edge. Has only local significance to the switch; no isolation is provided between two protected ports located on different switches.
- Primary VLAN. Conveys incoming traffic from a promiscuous port to all other promiscuous, isolated, community, and two-way community ports.
- Native VLAN. Frames sent from ports on the native VLAN have their 802.1Q tags passed through without manipulation by the switch. This is the basis of the VLAN hopping attack: by injecting tagged frames on a native VLAN port, the tags are passed on uninterpreted by the first switch, and when the frames cross to another switch over a trunk port, the second switch honours the tags and forwards the frames onto the VLANs they name.
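As an added example (not part of the original page), the following Python parses stacked 802.1Q headers and flags the double-tagged pattern the native VLAN entry describes, as a monitor on an access port would want to; the sample frames, MAC addresses and the native VLAN number are constructed for illustration.

```python
import struct
from dataclasses import dataclass, field
from typing import List

TPID_8021Q = 0x8100   # customer tag (C-tag) TPID
TPID_QINQ = 0x88A8    # service tag (S-tag) TPID used by 802.1ad / QinQ


@dataclass
class Frame:
    dst: bytes
    src: bytes
    vlan_ids: List[int] = field(default_factory=list)  # outermost tag first
    ethertype: int = 0
    payload: bytes = b""


def parse_frame(raw: bytes) -> Frame:
    """Walk the Ethernet header and peel off every stacked 802.1Q tag."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = raw[0:6], raw[6:12]
    off, tags = 12, []
    while True:
        if off + 2 > len(raw):
            raise ValueError("frame ends inside a tag/ethertype field")
        (etype,) = struct.unpack_from("!H", raw, off)
        off += 2
        if etype in (TPID_8021Q, TPID_QINQ):
            if off + 2 > len(raw):
                raise ValueError("frame ends inside a VLAN tag")
            (tci,) = struct.unpack_from("!H", raw, off)
            off += 2
            tags.append(tci & 0x0FFF)  # low 12 bits = VLAN ID, top 4 = PCP/DEI
            continue
        return Frame(dst, src, tags, etype, raw[off:])


def classify(raw: bytes, native_vlan: int) -> str:
    """Verdict for a frame seen on an access port, where no tag is expected."""
    f = parse_frame(raw)
    if not f.vlan_ids:
        return "untagged"
    if len(f.vlan_ids) >= 2 and f.vlan_ids[0] == native_vlan:
        return "double-tagged-native"  # outer tag will be stripped by switch 1
    if len(f.vlan_ids) >= 2:
        return "double-tagged"
    return "tagged"


# Constructed sample frames: fake MACs, 20-byte dummy payload.
MAC_HDR = bytes.fromhex("001122334455" "66778899aabb")
PAYLOAD = bytes(20)
SAMPLES = {
    "plain": MAC_HDR + bytes.fromhex("0800") + PAYLOAD,
    "single": MAC_HDR + bytes.fromhex("8100 000a 0800") + PAYLOAD,         # VLAN 10
    "double": MAC_HDR + bytes.fromhex("8100 0001 8100 0014 0800") + PAYLOAD,  # 1 then 20
}
```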
