I saw a paragraph in "Securing Networks with Private VLANs and VLAN Access Control Lists" that says private VLANs can only provide protection at L2, not L3. It means that the promiscuous ports can be used to route traffic between the isolated ports.
I'm just wondering how this can be done. Source routing, or something else? Can anybody give me an explanation?
"There is a well-known security limitation to PVLANs, which is the possibility that a router forwards traffic back out of the same subnet from which it came. A router can route traffic across isolated ports defeating the purpose of PVLANs. This limitation is due to the fact that PVLANs are a tool that provides isolation at L2, not at Layer 3 (L3)."
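
The quoted limitation can be modelled as two separate forwarding decisions, one at L2 and one at L3. The sketch below is an added example, not part of the original post or of the Cisco document; the host names, the 10.0.0.0/24 addressing and the router ingress ACL rule are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: two hosts on isolated ports, one router on a promiscuous port.
SUBNET = ip_network("10.0.0.0/24")
PORTS = {"hostA": "isolated", "hostB": "isolated", "router": "promiscuous"}
IPS = {"hostA": ip_address("10.0.0.10"), "hostB": ip_address("10.0.0.20")}


def l2_permits(src_dev, dst_dev):
    """PVLAN rule: an isolated port exchanges frames only with a promiscuous port."""
    return "promiscuous" in (PORTS[src_dev], PORTS[dst_dev])


def router_acl_permits(src_ip, dst_ip, acl_enabled):
    """Assumed ingress ACL: drop packets whose source and destination
    both lie inside the PVLAN subnet (same-subnet hairpin traffic)."""
    if acl_enabled and src_ip in SUBNET and dst_ip in SUBNET:
        return False
    return True


def delivered(src_dev, dst_dev, via_router, acl_enabled=False):
    """Return (reached, trace) for a packet from src_dev to dst_dev."""
    src_ip, dst_ip = IPS[src_dev], IPS[dst_dev]
    if not via_router:
        ok = l2_permits(src_dev, dst_dev)
        return ok, [f"L2 {src_dev}->{dst_dev}: {'forward' if ok else 'drop'}"]
    trace = []
    # Hop 1: isolated port to promiscuous port, which the PVLAN allows.
    ok = l2_permits(src_dev, "router")
    trace.append(f"L2 {src_dev}->router: {'forward' if ok else 'drop'}")
    if not ok:
        return False, trace
    # L3 decision: the router sees a destination inside a connected subnet.
    ok = router_acl_permits(src_ip, dst_ip, acl_enabled)
    trace.append(f"L3 router {src_ip}->{dst_ip}: {'route' if ok else 'ACL drop'}")
    if not ok:
        return False, trace
    # Hop 2: promiscuous port to isolated port, which the PVLAN also allows.
    ok = l2_permits("router", dst_dev)
    trace.append(f"L2 router->{dst_dev}: {'forward' if ok else 'drop'}")
    return ok, trace


if __name__ == "__main__":
    for label, kwargs in [("direct", dict(via_router=False)),
                          ("via router, no ACL", dict(via_router=True)),
                          ("via router, ACL on", dict(via_router=True, acl_enabled=True))]:
        reached, trace = delivered("hostA", "hostB", **kwargs)
        print(f"{label}: reached={reached}")
        for step in trace:
            print("   ", step)
```

Each L2 hop is legal on its own under the PVLAN rules, so only the L3 check at the router can close the path in this model.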