07-19-2004 02:28 PM - edited 03-02-2019 05:10 PM
I was reading the documentation and found the protected ports option. It looks like it could help slow down/stop some virus and worm breakouts. However, does this feature work across switches?
Does anyone out there use protected ports? Why/why not? How much protection does it really give?
Thank You
07-20-2004 02:10 AM
Hey Jeff,
Here is the significance of a protected port (Private VLAN edge port):
The PVLAN edge (protected port) is a feature that has only local significance to the switch, and there is no isolation provided between two protected ports located on different switches. A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port in the same switch, hence providing isolation. Traffic cannot be forwarded between protected ports at L2; all traffic passing between protected ports must be forwarded through a Layer 3 (L3) device.
A private VLAN includes 2 types of VLANs: isolated VLANs and community VLANs.
Isolated VLAN ports can't talk to each other, and they are generally used to connect to L3 devices like routers, and we assign IP addresses to these ports. Isolated ports are contacted by community VLAN ports.
Community VLAN ports are connected to workstations which you want to isolate from the rest of the PCs on that switch. Two community VLAN ports can talk to each other, and they can also communicate with isolated VLAN ports.
Protected ports are used when you want to have a confidential server and don't want anybody to contact it except some specified users. Then you can connect that server to an isolated VLAN port, and the special users can be connected to community VLAN ports so that only they can contact the server.
Protected ports are not used for protection from viruses. They actually don't give protection; rather, they give isolation from the local network on the switch.
Kindly let me know if you have any further queries.
"Lets switchit" ;)
07-20-2004 08:30 AM
So a protected port is a PVLAN?
Thank You
07-20-2004 09:04 AM
Jeff :
If you have a 2900XL or 3500XL series switch, the "port protected" command stops any L2 communication between these two ports. In this scenario, the only MAC addresses available for those special ports are the ones learned via a non-protected (standard) port.
This behavior applies only to ports of this box, so if you would like a port protected on another switch of your network, then you have to configure "port protected" on every trunk of this switch, but this configuration disables the communication of the protected ports of that switch with other boxes!
Regards
Martín
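The per-switch behaviour described in the replies above (no L2 forwarding between two protected ports on the same switch, no isolation across switches, and the side effect of marking a trunk as protected), modelled as an added example that is not part of the original thread. The switch names, port names and the `Switch`/`l2_reachable` helpers are constructed for illustration and are not Cisco code.

```python
# Added illustration: models the local protected-port rule as stated in the thread.
# All switch and port names below are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class Switch:
    name: str
    protected: set = field(default_factory=set)  # ports flagged as protected

    def forwards(self, in_port: str, out_port: str) -> bool:
        # The rule is local to one switch: a frame is dropped only when BOTH
        # the ingress and the egress port on this switch are protected.
        return not (in_port in self.protected and out_port in self.protected)


def l2_reachable(path) -> bool:
    """path: list of (switch, ingress_port, egress_port) hops a frame takes.
    True only if every switch on the path forwards the frame at L2."""
    return all(sw.forwards(i, o) for sw, i, o in path)


def demo() -> dict:
    results = {}
    sw1 = Switch("sw1", protected={"Fa0/1", "Fa0/2"})
    sw2 = Switch("sw2", protected={"Fa0/1"})

    # Two protected access ports on the same switch: isolated.
    results["same_switch"] = l2_reachable([(sw1, "Fa0/1", "Fa0/2")])

    # Protected port to an ordinary port on the same switch: still forwarded.
    results["protected_to_normal"] = l2_reachable([(sw1, "Fa0/1", "Fa0/3")])

    # Protected ports on different switches, trunk Gi0/1 left unprotected:
    # neither switch sees a protected-to-protected pair, so nothing is dropped.
    results["cross_switch"] = l2_reachable(
        [(sw1, "Fa0/1", "Gi0/1"), (sw2, "Gi0/1", "Fa0/1")])

    # Same path, but the trunk on sw1 is also marked protected: sw1 now drops
    # every frame from its protected access ports towards the other switch.
    sw1_trunk = Switch("sw1", protected={"Fa0/1", "Fa0/2", "Gi0/1"})
    results["cross_switch_protected_trunk"] = l2_reachable(
        [(sw1_trunk, "Fa0/1", "Gi0/1"), (sw2, "Gi0/1", "Fa0/1")])
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'forwarded' if ok else 'dropped'}")
```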
07-20-2004 11:24 PM
Hey Jeff,
Yes, a protected port is a PVLAN port. As I mentioned previously, it's not a standard port, and will not communicate with any normal L2 port.
community-to-community = possible
community-to-isolated = possible (and vice versa)
isolated-to-isolated = not possible
Kindly update me if you need any further clarification.