7-13
Catalyst 2900 Series XL and Catalyst 3500 Series XL Software Configuration Guide
78-6511-05
Chapter 7 Configuring the Switch Ports
Configuring Protected Ports
Some applications require that no traffic be forwarded by the Layer 2 protocol
between ports on the same switch. In such an environment, there is no exchange
of unicast, broadcast, or multicast traffic between ports on the switch, and traffic
between ports on the same switch is forwarded through a Layer 3 device such as
a router.
To meet this requirement, you can configure Catalyst 2900 XL and
Catalyst 3500 XL ports as protected ports (also referred to as private VLAN edge
ports). Protected ports do not forward any traffic to protected ports on the same
switch. This means that all traffic passing between protected ports—unicast,
broadcast, and multicast—must be forwarded through a Layer 3 device. Protected
ports can forward any type of traffic to nonprotected ports, and they forward as
usual to all ports on other switches.
Note: Sometimes unknown unicast traffic from a nonprotected port is flooded to a
protected port because a MAC address has timed out or has not been learned
by the switch. Use the port block command to guarantee that in such a case
no unicast and multicast traffic is flooded to the port. See the “Configuring
Flooding Controls” section on page 7-4 for more information.
Beginning in privileged EXEC mode, follow these steps to define a port as a
protected port:

Step    Command                Purpose
Step 1  configure terminal     Enter global configuration mode.
Step 2  interface interface    Enter interface configuration mode, and enter the port to be configured.
Step 3  port protected         Enable protected port on the port.
Step 4  end                    Return to privileged EXEC mode.
Step 5  show port protected    Verify that the protected port option is enabled.

Use the no version of the port protected interface configuration command to
disable the protected port option.
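As an added example that is not part of the guide: a small Python model of the forwarding rules this section and the Note describe (protected-to-protected traffic never forwarded, flooded traffic from a nonprotected port reaching a protected port unless port block is configured), run over a constructed running-config fragment. The interface names and config text are constructed, and the model assumes the port block command is written as port block unicast and port block multicast in the configuration.

```python
"""Model of Catalyst 2900 XL / 3500 XL protected-port forwarding, built from a
constructed running-config fragment. Added example, not Cisco code; interface
names and the config below are constructed."""
import re

# Constructed running-config excerpt (hypothetical interface names).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 port protected
!
interface FastEthernet0/2
 port protected
 port block unicast
 port block multicast
!
interface FastEthernet0/24
 description uplink to router
!
"""

def parse_ports(config: str) -> dict:
    """Return {interface: {"protected": bool, "block": set()}} from config text."""
    ports, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            cur = m.group(1)
            ports[cur] = {"protected": False, "block": set()}
        elif cur and line.strip() == "port protected":
            ports[cur]["protected"] = True
        elif cur and line.strip().startswith("port block "):
            ports[cur]["block"].add(line.split()[-1])   # "unicast" / "multicast"
    return ports

def forwards(ports, src, dst, kind, mac_known=True) -> bool:
    """Would the switch forward a frame received on src out of dst at Layer 2?

    kind is "unicast", "broadcast" or "multicast". Known unicast goes to one
    port; unknown unicast, broadcast and multicast are flooded.
    """
    if src == dst:
        return False
    if ports[src]["protected"] and ports[dst]["protected"]:
        return False                      # protected-to-protected never forwards
    flooded = (kind != "unicast") or not mac_known
    if flooded and kind in ports[dst]["block"]:
        return False                      # port block suppresses flooding to dst
    return True

def audit(ports) -> list:
    """Protected ports still reachable by flooded traffic from nonprotected ports."""
    return [p for p, c in ports.items()
            if c["protected"] and not {"unicast", "multicast"} <= c["block"]]
```

audit() lists the gap the Note warns about: protected ports without port block, to which unknown unicast or multicast from a nonprotected port is still flooded.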