Not quite... but you have the right idea. A 'vanilla' VLAN created for an IP network will allow L2 communications between the hosts in the shared VLAN, given that they exist in the same IP subnet.
A private VLAN, on the other hand, sees all of the hosts in the same VLAN and IP subnet, but makes restrictions on what hosts in the VLAN can talk to each other, restricting direct L2 traffic that gets transmitted from one host to the other via the switch. The 'nutshell' response is that private VLANs are like ACLs for VLANs... you restrict/allow communications between hosts that would otherwise have unrestricted L2 access to each other. You get the benefit of IP usage conservation with the power of separate VLANs.

It's been a long evening, so if I muddled things even further I apologize...

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lars Hansson
Sent: Friday, May 12, 2006 12:26 AM
To: misc@openbsd.org
Subject: Re: FYI, 1and1 hosting fun (ip subnet zero)

On Friday 12 May 2006 02:58, Stuart Henderson wrote:
> These are, uh, quite large operations, and if there's a way to reduce
> IP address use by 3/4 without putting a bunch of customers in the same
> subnet that's probably a good thing.

Wouldn't that be what VLANs are for?

---
Lars Hansson
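The "ACLs for VLANs" idea in the reply above, as an added example that is not part of the thread: a small Python model of which host pairs a switch forwards frames between in a plain VLAN versus a private VLAN. It goes slightly beyond the post by assuming the private VLAN port roles from RFC 5517 (promiscuous, isolated, community), which the reply does not name; the hosts and the 192.0.2.0/24 subnet are constructed for the illustration.

```python
"""Model of private VLAN (PVLAN) forwarding restrictions.

Added illustration, not code from the mailing-list thread. It assumes the
port roles defined in RFC 5517 (promiscuous, isolated, community), which the
thread does not spell out. Host names and addresses below are constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Interface
from typing import Callable, Iterable, Optional, Set, Tuple

PROMISCUOUS = "promiscuous"   # e.g. the gateway/router port: talks to everyone
ISOLATED = "isolated"         # talks only to promiscuous ports
COMMUNITY = "community"       # talks to promiscuous ports and its own community


@dataclass(frozen=True)
class Host:
    name: str
    addr: IPv4Interface               # everyone shares one /24: the "same subnet"
    port_type: str
    community: Optional[str] = None   # only meaningful for COMMUNITY ports


def same_subnet(a: Host, b: Host) -> bool:
    return a.addr.network == b.addr.network


def vanilla_vlan_forwards(src: Host, dst: Host) -> bool:
    """Plain VLAN: any two distinct hosts in the VLAN/subnet reach each other at L2."""
    return src is not dst and same_subnet(src, dst)


def pvlan_forwards(src: Host, dst: Host) -> bool:
    """Private VLAN: same subnet, but the switch filters L2 frames by port role."""
    if not vanilla_vlan_forwards(src, dst):
        return False
    if PROMISCUOUS in (src.port_type, dst.port_type):
        return True   # promiscuous ports may exchange frames with any port
    if src.port_type == COMMUNITY and dst.port_type == COMMUNITY:
        return src.community == dst.community
    return False      # isolated<->isolated and isolated<->community are dropped


def reachability(hosts: Iterable[Host],
                 forwards: Callable[[Host, Host], bool]) -> Set[Tuple[str, str]]:
    """Return the set of (src, dst) name pairs that the forwarding rule permits."""
    hosts = list(hosts)
    return {(a.name, b.name) for a in hosts for b in hosts if forwards(a, b)}


# Constructed sample: one /24 shared by a gateway and four customer hosts.
HOSTS = [
    Host("gw", IPv4Interface("192.0.2.1/24"), PROMISCUOUS),
    Host("cust-a", IPv4Interface("192.0.2.10/24"), ISOLATED),
    Host("cust-b", IPv4Interface("192.0.2.11/24"), ISOLATED),
    Host("cust-c1", IPv4Interface("192.0.2.20/24"), COMMUNITY, "c"),
    Host("cust-c2", IPv4Interface("192.0.2.21/24"), COMMUNITY, "c"),
]


def blocked_by_pvlan(hosts: Iterable[Host] = HOSTS) -> Set[Tuple[str, str]]:
    """Pairs a vanilla VLAN would forward but a private VLAN drops."""
    hosts = list(hosts)
    return reachability(hosts, vanilla_vlan_forwards) - reachability(hosts, pvlan_forwards)


if __name__ == "__main__":
    for pair in sorted(blocked_by_pvlan()):
        print("PVLAN blocks:", pair)
```

Every host sits in the same 192.0.2.0/24 and still reaches the gateway, so the subnet is conserved, while the two isolated customers cannot see each other's frames through the switch at all.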