Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14485
Views
10
Helpful
3
Replies

Protected Port

Go to solution
rezaalikhani
Level 4
Level 4

‎01-26-2006 09:26 PM - edited ‎03-03-2019 01:36 AM

Hi,

Please someone explain me, what is a "protected port", why we use these types of ports and ... in a Cisco switch?

Thanx

Reza

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to pkhatri

‎01-26-2006 11:03 PM

Hello,

on a side note, it might be worth mentioning that even a protected port still receives traffic from unknown unicast and multicast MAC addresses. Basically, when the switch receives a unicast or multicast frame for which there is no entry in the CAM table, it will flood those frames out all ports in the respective VLAN, except the one it was received on, including the protected ports. In order to prevent these unknown unicast and multicast frames to be received by the protected ports, configure the ports as following:

interface FastEthernet0/1

switchport protected

switchport block unicast

switchport block multicast

Regards,

GP

View solution in original post

0 Helpful
3 Replies 3

Go to solution
pkhatri
Level 11
Level 11

‎01-26-2006 09:56 PM

Hi Reza,

A protected port provides a form of security whereby a protected port will not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port in the same switch. Note that this does not prevent traffic between protected ports that are on different switches - the feature is only locally significant.

All traffic passing between protected ports must be forwarded through a layer 3 device, such as a router.

A common use would be where you want a user to only be able to communicate with a router but not any other hosts on the same VLAN (consider the case of a switch shared with other customers)..

Hope that helps - pls rate the post if it does.

Regards,

Paresh

Go to solution
Georg Pauwen
VIP
VIP
In response to pkhatri

‎01-26-2006 11:03 PM

Hello,

on a side note, it might be worth mentioning that even a protected port still receives traffic from unknown unicast and multicast MAC addresses. Basically, when the switch receives a unicast or multicast frame for which there is no entry in the CAM table, it will flood those frames out all ports in the respective VLAN, except the one it was received on, including the protected ports. In order to prevent these unknown unicast and multicast frames to be received by the protected ports, configure the ports as following:

interface FastEthernet0/1

switchport protected

switchport block unicast

switchport block multicast

Regards,

GP

0 Helpful

Go to solution
mwasserott
Level 1
Level 1
In response to Georg Pauwen

‎12-08-2009 09:04 AM 

gpauwen wrote:
a protected port still receives traffic from unknown unicast and multicast MAC addresses

But only if that unknown unicast comes from a non-protected port, correct?

0 Helpful
Customers Also Viewed These Support Documents