Re: switchport protected in Trunk port

tlxbx · ‎10-28-2022

What is the significance/impact of using switchport protected in Trunk ports that connect two switches? For eg.

SW1

int gi0/1-->Access VLAN 10-->switchport protected-->Host A

int gi0/24-->Switchport mode Trunk-->switchport protected (des link to SW2)

********

SW2

int gi0/1-->Access VLAN 10-->switchport protected-->Host B

int gi0/24-->Switchport mode Trunk-->switchport protected (des link to SW1)

*****

Can hosts A & B ping each other if these are layer 2 switches? What about STP bpdu etc? My goal is to block layer 2 communication. Thinking alternative options to private vlans.

MHM Cisco World · ‎10-28-2022

can I know why ? instead block STP BPDU use filter BPDU and this make SW never send BPDU.
BUT BUT this is so risky, it can cause loop.

tlxbx · ‎10-28-2022

This has nothing to do with STP. Basically, the only goal is to block end-hosts L2 communication within VLAN. But my concern is what happens when the VLAN is spanned across multiple L2 switches, will it work since there will be a trunk port in between, and if there are any impact?

Reza Sharifi · ‎10-28-2022

According to the description in this link, it appears that a protected port is similar to a private vlan where 2 hosts can not communicate with each other unless they use a layer-3 device.

https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_011101.html

HTH