switchport protected on an 802.1q interface?

pascalfr0
Level 1

Hi,

On an ISR platform with HWIC-4ESW or EHWIC-4ESG (4 Fast Ethernet switched ports),

- with interface fa0/1/0 toward customer #1 using VLAN IDs 100, 101, 102, and 1 (native),

- with interface fa0/1/1 toward customer #2 using VLAN IDs 201, 202, 203, and 1 (native),

+ Can I set the switch mode to "protected" on these interfaces in order to prevent traffic from one customer from being seen by the other one (VLAN 1, or a misconfiguration where each customer would use the same VLAN ID)?

+ Basically, is it possible to issue the "switchport protected" command on an interface with multiple-VLAN (802.1q encapsulation) traffic? (Can't see why it wouldn't be possible to do so...)

+ VLAN 1 traffic is used on Cisco routers for handling layer 2 control traffic (CDP, PAgP, STP, ...). Do you know if setting ports in "protected" mode will prevent that traffic from being switched from one interface to the other (it would be very useful for me to restrict this traffic on a per-port/per-customer basis)?

Thanks for your advice,

Pascal

2 Replies

LA-Engineer
Level 1

If the command is there I would assume so.

According to the documentation, switchport protected is supported on dot1q ports.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_20_ea2/configuration/guide/2950scg/swtrafc.html#wp1158863

 

 

 

Thanks.

Got some testing done by our Cisco support.

Protected mode + 802.1q works fine, but doesn't prevent layer 2 protocols from being switched between protected ports in VLAN 1.

In the configuration I described earlier, STP or layer 2 control traffic will still be switched throughout all the ports, protected mode or not.
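
The Python audit below is an added example, not code from the thread or from Cisco. It parses a running-config excerpt and flags trunk pairs that share a VLAN without both ports being protected, plus VLAN 1 shared between two protected ports, which the test result reported above says still passes layer 2 control traffic. The sample configuration is constructed and the finding labels are hypothetical names.

```python
from itertools import combinations

# Constructed sample (not from the thread): the two customer trunks from the
# question, with customer 2 left unprotected and reusing VLAN 100 by mistake.
SAMPLE_CONFIG = """\
interface FastEthernet0/1/0
 switchport mode trunk
 switchport trunk allowed vlan 1,100-102,1002-1005
 switchport protected
!
interface FastEthernet0/1/1
 switchport mode trunk
 switchport trunk allowed vlan 1,100,201-203,1002-1005
!
"""
RESERVED = set(range(1002, 1006))  # legacy default VLANs, ignored in the audit

def expand_vlans(spec):
    """Expand '1,100-102' into {1, 100, 101, 102}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(config):
    """Return {name: state} for trunks; no allowed-vlan line means VLANs 1-4094."""
    ports, cur = {}, {}
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = {"trunk": False, "protected": False, "vlans": set(range(1, 4095))}
            ports[line.split()[1]] = cur
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif line == "switchport protected":
            cur["protected"] = True
        elif line.startswith("switchport trunk allowed vlan "):
            cur["vlans"] = expand_vlans(line.split()[-1])
    return {name: p for name, p in ports.items() if p["trunk"]}

def audit(config):
    """Flag trunk pairs that can exchange frames despite customer separation."""
    findings = []
    for (a, pa), (b, pb) in combinations(sorted(parse_trunks(config).items()), 2):
        shared = sorted((pa["vlans"] & pb["vlans"]) - RESERVED)
        # Protected ports are isolated only from other protected ports.
        if shared and not (pa["protected"] and pb["protected"]):
            findings.append((a, b, "shared-vlan-not-isolated", shared))
        elif 1 in shared:  # both protected: control traffic still crosses (per thread)
            findings.append((a, b, "vlan1-l2-control-still-switched", [1]))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the VLAN 1 and VLAN 100 overlap; once both ports carry `switchport protected`, only the VLAN 1 control-traffic finding remains.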

 
