Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
986
Views
0
Helpful
4
Replies

Protected Ports

jeff.cook
Level 1
Level 1

‎07-19-2004 02:28 PM - edited ‎03-02-2019 05:10 PM

I was reading the documentation and found the protected ports option. It looks like it could help slow down/stop some viruses and worms breakouts. However does this feature work across switches?

Does any one out there use portected ports? Why/why not? How much protection does it really give?

Thank You

Labels:
0 Helpful
4 Replies 4

switchit
Level 1
Level 1

‎07-20-2004 02:10 AM

Hey Jeff,

here is the significance of protected port(PrivateVLAN edge port) :

The PVLAN edge (protected port) is a feature that has only local significance to the switch, and there is no isolation provided between two protected ports located on different switches. A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port in the same switch and hence providing isolation. Traffic cannot be forwarded between protected ports at L2, all traffic passing between protected ports must be forwarded through a Layer 3 (L3) device.

private vlan includes 2 type of vlans : isolated vlan and community vlans.

Isolated vlan`s port cant talk to each other and they are generally used to connect to l3 devices like routers and we asssign IP address to these ports. Isolated ports are contacted by community vlan ports.

Community Vlans ports are connected with workstations which you want to isolate with rest of PCs on that switch. 2 community vlan ports can talk to each other and they can also communicate with isolate vlan ports.

protected ports are used when u want to have a confidential server and dont want anybody to contact that except some specified users. then u can connect that server to isolated vlan port and . and special users can be connected to comunity vlan ports so that only they can contact server.

Protected ports are not used for protection from viruses. they actually dont give protection, rather they give isolation from the local network on the switch.

kindly let me know if any further queries you have.

"Lets switchit" ;)

0 Helpful

jeff.cook
Level 1
Level 1
In response to switchit

‎07-20-2004 08:30 AM

So a protected port is a PVLAN?

Thank You

0 Helpful

martin-perez
Level 1
Level 1
In response to jeff.cook

‎07-20-2004 09:04 AM

Jeff :

If you have a 2900XL or 3500XL series switches, the "port protected" command stops any L2 communication between this two ports. In this scenario, the only mac-addresses available fot that special ports are the ones learned via a non-protected (standard) port.

This behavior is only for ports of this box, so if you would like a port protected on another switch of your network, then you have to configure "port protected" on every trunk of this switch, but this configuration disable the communication of the protected ports of that swtich to another boxes !!!

Regards

Martín

0 Helpful

switchit
Level 1
Level 1
In response to jeff.cook

‎07-20-2004 11:24 PM

Hey Jeff,

Yes, protected port is PVLAN port.as previously I mentioned its not a standard port, and will not communicate with any Normal L2 port.

community-to-community = possible

community -to-isolated = possible (vice-versa)

isolated-to-isolated = not possible

Kindly update me if you need any further clarification.

0 Helpful
Customers Also Viewed These Support Documents