Port protected on trunk ports

jtothemak · ‎11-19-2013

I have a router to a 3550 switch feeding in a star toplogy one 2950 off each port. I have port protprected on the ports of each of the 2950s. The question is can I do port protected on all my trunk ports except the uplink port on the 3550? I am wanting to stop any user on the network from seeing another. My other option is to do a vlan per switch but would perfer not to bring down the network as it is already live and in heavy usage.

Thank you for your help in advance.

Reza Sharifi · ‎11-19-2013

Yes, you can enable protected mode on trunk ports

Configuring Protected Ports

Some applications require that no traffic be forwarded between ports on the same switch so that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these ports on the switch.

Protected ports have these features:

•A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded in software. All data traffic passing between protected ports must be forwarded through a Layer 3 device.

•Forwarding behavior between a protected port and a nonprotected port proceeds as usual.

•Protected ports are supported on 802.1Q trunks.

link:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_20_ea2/configuration/guide/swtrafc.html#wp1158863

HTH