Protected Port Configuration Guidelines; Configuring A Protected Port; Configuring Port Blocking - Cisco Catalyst 2960 Software Configuration Manual
Hide thumbs
Also See for Catalyst 2960:
- Configuration manual (2288 pages) ,
- Command reference manual (800 pages) ,
- Hardware installation manual (108 pages)
Table of Contents
Advertisement
Chapter 23
Configuring Port-Based Traffic Control
Protected Port Configuration Guidelines
You can configure protected ports on a physical interface (for example, Gigabit Ethernet port 1) or an
EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel,
it is enabled for all ports in the port-channel group.
Configuring a Protected Port
Beginning in privileged EXEC mode, follow these steps to define a port as a protected port:
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
switchport protected
Step 4
end
Step 5
show interfaces interface-id switchport
Step 6
copy running-config startup-config
To disable protected port, use the no switchport protected interface configuration command.
This example shows how to configure a port as a protected port:
Switch# configure terminal
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# switchport protected
Switch(config-if)# end
Configuring Port Blocking
By default, the switch floods packets with unknown destination MAC addresses out of all ports. If
unknown unicast and multicast traffic is forwarded to a protected port, there could be security issues. To
prevent unknown unicast or multicast traffic from being forwarded from one port to another, you can
block a port (protected or nonprotected) from flooding unknown unicast or multicast packets to other
ports.
With multicast traffic, the port blocking feature blocks only pure Layer 2 packets. Multicast packets that
Note
contain IPv4 or IPv6 information in the header are not blocked.
•
•
OL-26520-01
Default Port Blocking Configuration, page 23-8
Blocking Flooded Traffic on an Interface, page 23-8
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
Purpose
Enter global configuration mode.
Specify the interface to be configured, and enter interface
configuration mode.
Configure the interface to be a protected port.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Configuring Port Blocking
23-7
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
