Default Protected Port Configuration; Protected Ports Guidelines; How To Configure Protected Ports; Configuring A Protected Port - Cisco Catalyst 2960-X Security Configuration Manual

Configuring Port-Based Traffic Control
Protected ports have these features:
• A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is
• Forwarding behavior between a protected port and a nonprotected port proceeds as usual.
Because a switch stack represents a single logical switch, Layer 2 traffic is not forwarded between any protected
ports in the switch stack, whether they are on the same or different switches in the stack.

Default Protected Port Configuration

The default is to have no protected ports defined.

Protected Ports Guidelines

You can configure protected ports on a physical interface (for example, Gigabit Ethernet port 1) or an
EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel, it is
enabled for all ports in the port-channel group.

How to Configure Protected Ports

Configuring a Protected Port

Before You Begin
Protected ports are not pre-defined. This is the task to configure one.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface interface-id
4. switchport protected
5. end
6. show interfaces interface-id switchport
7. show running-config
8. copy running-config startup-config
OL-29048-01
also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control
traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded
in software. All data traffic passing between protected ports must be forwarded through a Layer 3 device.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
How to Configure Protected Ports
425