Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Port Isolation Catalyst 2950

I am looking to isolate ports 1-23 from seeing one another, yet I would like to share port 24 (uplink to Internet connection) with each port.

(so that each computer could see the Internet, but could not see each other)

I've found a million documents which look promising, but never quite address the goal I am trying to reach. If anyone could either share the proper commands with me, or point me to a definitive document, it would help me tremendously.

Thank you!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Port Isolation Catalyst 2950

Fuzzy,

Have you ever read this feature?

Configuring Protected Ports

Some applications require that no traffic be forwarded between ports on the same switch so that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these ports on the switch.

Protected ports have these features:

•A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded in software. All data traffic passing between protected ports must be forwarded through a Layer 3 device.

•Forwarding behavior between a protected port and a nonprotected port proceeds as usual.

•Protected ports are supported on IEEE 802.1Q trunks.

Please check out this link . C2950 Right?

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/configuration/guide/swtrafc.html#wp1158863

F.e.

Switch# configure terminal

Switch(config)# interface range fastethernet0/1 - 23

Switch(config-if)# switchport protected

Switch(config-if)# end

HTH,

Toshi

2 REPLIES

Re: Port Isolation Catalyst 2950

Fuzzy,

Have you ever read this feature?

Configuring Protected Ports

Some applications require that no traffic be forwarded between ports on the same switch so that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these ports on the switch.

Protected ports have these features:

•A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded in software. All data traffic passing between protected ports must be forwarded through a Layer 3 device.

•Forwarding behavior between a protected port and a nonprotected port proceeds as usual.

•Protected ports are supported on IEEE 802.1Q trunks.

Please check out this link . C2950 Right?

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/configuration/guide/swtrafc.html#wp1158863

F.e.

Switch# configure terminal

Switch(config)# interface range fastethernet0/1 - 23

Switch(config-if)# switchport protected

Switch(config-if)# end

HTH,

Toshi

New Member

Re: Port Isolation Catalyst 2950

Toshi;

THANK YOU! I missed the following line when I read through the document the first time, "•Forwarding behavior between a protected port and a nonprotected port proceeds as usual." - having missed that line, I didn't think the first 23 ports would talk to the unprotected port. This resolved the issue for me. Thank you very much for the prompt nature of your response - you nailed it!!

8185
Views
0
Helpful
2
Replies
CreatePlease to create content