PVLANs

Posted by Bradley | switching | Sunday 29 June 2008 22:40

Private VLANs (PVLANs) are not something I have been able to lab as I don't have a layer 3 switch (not yet anyway, but I am saving my pennies for a Cisco 3550) and I haven't used them at work.

Anyway, PVLANs are a method of isolating ports in the same VLAN from each other to provide security. A good example of their application is a service provider network where many end customers are connected to ports on a switch. The provider could make all of the customer ports isolated ports in the PVLAN (more on that in a bit) and put the gateway on a promiscuous port (again, more in a bit), and a customer with multiple ports could be in their own community.

There are 3 types of ports in a PVLAN: promiscuous, community, and isolated.

Promiscuous ports: These ports can communicate with all other ports in the PVLAN including community and isolated. In the service provider example above the gateway would probably be on a promiscuous port.

Isolated ports: These ports can't communicate with any other ports except promiscuous ports. Isolated ports cannot talk to each other, and in the example above the customers would be connected to isolated ports.

Community ports: These ports can communicate with other ports in the same community and with promiscuous ports, but can't communicate with ports in other communities or with isolated ports. In the example above, a customer with multiple connections could be in their own community. This would allow layer 2 connectivity between that customer's ports, and they would still be able to access the gateway while being separated from the isolated ports.
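The service provider example above, written out as an added configuration sketch (not from the original post) in Catalyst IOS syntax for a switch that supports private VLANs. The VLAN numbers and interface names are assumptions, and the config uses the primary/secondary VLAN structure that IOS uses to implement the three port types, which the post does not cover.

```cisco
! Constructed example: VLAN IDs and interfaces are assumptions.
! With VTP version 1 or 2 the switch must be in transparent mode
! before private VLANs can be configured.
vtp mode transparent
!
! Secondary VLANs: one isolated VLAN shared by all single-port customers,
! one community VLAN for the customer with multiple ports.
vlan 101
 private-vlan isolated
vlan 102
 private-vlan community
!
! The primary VLAN ties the secondary VLANs together.
vlan 100
 private-vlan primary
 private-vlan association 101,102
!
! Gateway: promiscuous port, mapped to every secondary VLAN so that
! isolated and community ports can all reach it.
interface FastEthernet0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102
!
! Single-port customers: isolated ports. They share VLAN 101 but can
! only exchange frames with the promiscuous port, not with each other.
interface range FastEthernet0/2 - 3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Multi-port customer: community ports. They reach each other and the
! gateway, but not the isolated ports or any other community.
interface range FastEthernet0/4 - 5
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102
```

`show vlan private-vlan` lists the primary/secondary associations and member ports, and `show interfaces FastEthernet0/2 switchport` shows the host association of a single port.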
