01-26-2006 09:26 PM - edited 03-03-2019 01:36 AM
Hi,
Please could someone explain to me what a "protected port" is, why we use these types of ports and ... in a Cisco switch?
Thanks
Reza
01-26-2006 09:56 PM
Hi Reza,
A protected port provides a form of security whereby a protected port will not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port in the same switch. Note that this does not prevent traffic between protected ports that are on different switches - the feature is only locally significant.
All traffic passing between protected ports must be forwarded through a layer 3 device, such as a router.
A common use would be where you want a user to only be able to communicate with a router but not any other hosts on the same VLAN (consider the case of a switch shared with other customers).
Hope that helps - pls rate the post if it does.
Regards,
Paresh
01-26-2006 11:03 PM
Hello,
On a side note, it might be worth mentioning that even a protected port still receives traffic from unknown unicast and multicast MAC addresses. Basically, when the switch receives a unicast or multicast frame for which there is no entry in the CAM table, it will flood those frames out all ports in the respective VLAN, except the one it was received on, including the protected ports. In order to prevent these unknown unicast and multicast frames from being received by the protected ports, configure the ports as follows:
interface FastEthernet0/1
 switchport protected
 switchport block unicast
 switchport block multicast
Regards,
GP
12-08-2009 09:04 AM
gpauwen wrote:
a protected port still receives traffic from unknown unicast and multicast MAC addresses
But only if that unknown unicast comes from a non-protected port, correct?