Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

switchport protected on a 802.1q interface ?


on a ISR platform with HWIC-4ESW or EHWIC-4ESG (4 fast ethernet switched ports),

- with interface fa0/1/0 toward customer #1 using vlanid 100, 101, 102, and 1(native),

- with interface fa0/1/1 toward customer #2 using vlanid 201, 202, 203, and 1(native),


 + can I set the switch mode to "protected" on these interfaces in order to prevent traffic from one customer to be seen by the other one (VLAN 1 or misconfiguration where each customer would use the same VLAN ID) ?


+ basically, is it possible to issue the "switchport protected" command on a interface with multiple VLAN (802.1q encapsulation) traffic ? (Can't see why it wouldn't be possible to do so....)


+  VLAN 1 traffic is used on Cisco routers for handling layer 2 control traffic (CDP, Pagp, STP, ...). Do you know if setting ports in "protected" mode will prevent those trafic from being switched from one interface to the other (it would be very useful for me to restrict this traffic on a per port/per customer basis) ?


Thanks for your advices,






New Member

If the command is there I

If the command is there I would assume so.

According to the documentation, switchport protected is supported on dot1q ports.



New Member

 Thanks.Got some testing done



Got some testing done by our cisco support.

protected mode + 802.1q works fine, but doesn't prevent layer2 protocol from being switched between protected ports in VLAN 1.

In the configuration I described earlier, spt or layer 2 control traffic will still be switched throughout all the ports, protected mode or not.