VLANs are like cell blocks in prison. Each cell block is like a VLAN. Inmates (or devices on a switch port) inside the block (VLAN) can talk to each other, but not with others in different blocks (VLANs). They don't even know they exist. If inmates want to talk to others in different blocks, then they need to use a guard (think a router or firewall) to pass along the message. We can even take this one step further. Inside each cell block, each inmate has a cell. When inmates are inside their cell, they can't talk to each other, even though they are in the same block. This is true for Private VLANs. You can have devices be part of a VLAN, but when put inside a private VLAN, they cannot talk to others in the VLAN without passing through a guard (in this case the guard is an access list). Now let's all stay out of prison and away from the guards 🙂