Table of Contents
Advertisement
Chapter 24
Configuring Port-Based Traffic Control
Configuring Protected Ports
Some applications require that no traffic be forwarded at Layer 2 between ports on the same switch so
that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use
of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between
these ports on the switch.
Protected ports have these features:
•
•
Because a switch stack represents a single logical switch, Layer 2 traffic is not forwarded between any
protected ports in the switch stack, whether they are on the same or different switches in the stack.
Default Protected Port Configuration
The default is to have no protected ports defined.
Protected Port Configuration Guidelines
You can configure protected ports on a physical interface (for example, Gigabit Ethernet port 1) or an
EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel,
it is enabled for all ports in the port-channel group.
Do not configure a private-VLAN port as a protected port. Do not configure a protected port as a
private-VLAN port. A private-VLAN isolated port does not forward traffic to other isolated ports or
community ports. For more information about private VLANs, see
VLANs."
Configuring a Protected Port
Beginning in privileged EXEC mode, follow these steps to define a port as a protected port:
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
switchport protected
Step 4
end
Step 5
show interfaces interface-id switchport
Step 6
copy running-config startup-config
78-16180-02
A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is
also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control
traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded
in software. All data traffic passing between protected ports must be forwarded through a Layer 3 device.
Forwarding behavior between a protected port and a nonprotected port proceeds as usual.
Purpose
Enter global configuration mode.
Enter interface configuration mode, and enter the type and
number of the interface to configure, for example
gigabitethernet1/0/1.
Configure the interface to be a protected port.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Catalyst 3750 Switch Software Configuration Guide
Configuring Protected Ports
Chapter 15, "Configuring Private
24-5
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
