10-14-2017 04:56 AM - edited 03-08-2019 12:21 PM
Can a switchport protected port ping another VLAN on another switch, or a different VLAN on the same switch, in an inter-VLAN routing environment?
I think the answer is yes; it can use layer 3 by going further to the router instead of layer 2 in the current switch.
Is that correct?
If there is no inter-VLAN routing, and the route in the firewall routes back to the core switch, can a switchport protected port still ping another port?
If so, why is switchport protected needed?
Just for layer 2?
10-14-2017 05:04 AM
Hello,
the 'switchport protected' concept is local to the switch and local to the VLAN. Which means your assumptions are correct: a protected port can ping any other port on another switch, and any other port in a different VLAN. The only port it cannot ping is another protected port on the same switch, in the same VLAN.
10-14-2017 05:13 AM
Hello,
You are correct. Switchport protected is meant to isolate protected ports so that they do not receive unicast, broadcast or multicast traffic from any other protected port on the same switch or switch stack, at Layer 2 only.
Layer 3 communication happens normally.
The objective here is to avoid, for example, packet sniffers on the same layer 2 domain, thus offering protection.
By allowing only layer 3 traffic you have much more control.
A useful use case would be, for example, two different companies sharing the same switch in a building, or a service provider isolating its clients on the same infrastructure.
-If I helped you somehow, please, rate it as useful.-
10-14-2017 06:23 PM
10-14-2017 11:52 PM
Hello,
in order to avoid confusion, can you post the configuration of your switch ?
10-16-2017 08:28 PM
10-16-2017 09:59 PM
It looks at the Layer 2 protocol and not Layer 3. It is just a matter of decapsulation.
10-17-2017 12:07 AM
Hello,
think about the layers as being hierarchical. If you cannot communicate at layer 2, you automatically cannot communicate at any of the higher layers (3 through 7). Similarly, if you unplug the cable (layer 1), you cannot communicate at any of the other higher layers either.
Does that make sense ?
10-17-2017 01:14 AM
10-17-2017 01:22 AM
For L3 control, access lists (or VLAN access lists) would be used.
What are you after ? Is there a specific scenario you are looking at ?
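The following Catalyst IOS configuration is an added example, not a configuration posted in this thread. It ties together the two answers above: protected ports isolate only at Layer 2, on the same switch and in the same VLAN, while inter-VLAN traffic is routed by the SVIs and can then be controlled with an access list. The hostname, interface names, VLAN numbers, addresses and ACL name are all hypothetical.

```cisco
! Added example, not from the original thread. All names and addresses are assumptions.
hostname SW1
!
! Enable inter-VLAN routing on the switch itself (SVIs below act as gateways)
ip routing
!
vlan 10
 name TENANT-A
vlan 20
 name TENANT-B
!
! Two hosts of the same tenant, same switch, same VLAN, both protected:
! these two ports cannot exchange unicast, broadcast or multicast at Layer 2.
interface GigabitEthernet1/0/1
 description Tenant A host 1
 switchport mode access
 switchport access vlan 10
 switchport protected
!
interface GigabitEthernet1/0/2
 description Tenant A host 2
 switchport mode access
 switchport access vlan 10
 switchport protected
!
! Unprotected port in the same VLAN (shared server): forwarding between a
! protected port and a nonprotected port proceeds as usual.
interface GigabitEthernet1/0/3
 description Shared server
 switchport mode access
 switchport access vlan 10
!
! Protected host of another tenant in a different VLAN on the same switch:
! reachable from Gi1/0/1 only through the SVIs (Layer 3), never at Layer 2.
interface GigabitEthernet1/0/4
 description Tenant B host 1
 switchport mode access
 switchport access vlan 20
 switchport protected
!
! Trunk to a second switch: the protected flag is local to this switch and is
! not carried across the trunk, so hosts behind SW2 are reachable as usual.
interface GigabitEthernet1/0/24
 description Trunk to SW2
 switchport mode trunk
!
! Layer 3 control, as suggested for anything beyond Layer 2 isolation:
! routed traffic from VLAN 10 may not reach VLAN 20, everything else is allowed.
ip access-list extended TENANT-A-IN
 remark Block Tenant A from reaching Tenant B subnet via the SVI
 deny   ip 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255
 permit ip 10.0.10.0 0.0.0.255 any
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip access-group TENANT-A-IN in
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
!
end
!
! Checks to run from enable mode after applying the configuration:
!   show interfaces GigabitEthernet1/0/1 switchport | include Protected
!   show ip interface Vlan10 | include access list
```

With this configuration, a ping from the host on Gi1/0/1 to the host on Gi1/0/2 fails (both protected, same switch, same VLAN), a ping to the server on Gi1/0/3 succeeds, a ping to a host reached over the trunk to SW2 succeeds, and a ping to the Tenant B host on Gi1/0/4 would succeed via the SVIs but is stopped here by the TENANT-A-IN access list. Remove the `ip access-group` line from Vlan10 to see the Layer 3 path work unrestricted.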
10-17-2017 06:48 AM