Switchport Protected - Cisco ME 3400 Command Reference Manual

Chapter 2 Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands

switchport protected

Use the switchport protected interface configuration command to isolate unicast, multicast, and
broadcast traffic at Layer 2 from other protected ports on the same switch. Use the no form of this
command to disable protection on the port.
Protected ports are supported only on network node interfaces (NNIs).
Note
Syntax Description
This command has no arguments or keywords.
Defaults
No protected port is defined. All ports are nonprotected.
Command Modes Interface configuration
Command History Release
12.2(25)EX
Usage Guidelines The switchport protection feature is local to the switch; communication between protected ports on the
same switch is possible only through a Layer 3 device. To prevent communication between protected
ports on different switches, you must configure the protected ports for unique VLANs on each switch
and configure a trunk link between the switches. A protected port is different from a secure port.
A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is
also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control
traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded
in software. All data traffic passing between protected ports must be forwarded through a Layer 3 device.
Port monitoring does not work if both the monitor and monitored ports are protected ports.
Examples This example shows how to enable a protected port on an interface:
Switch(config)# interface gigabitethernet0/2
Switch(config-if)# switchport protected
You can verify your settings by entering the show interfaces interface-id switchport privileged EXEC
command.
OL-9640-10
switchport protected
no switchport protected
Modification
This command was introduced.
Cisco ME 3400 Ethernet Access Switch Command Reference
switchport protected
2-689