Cisco Support Community
New Member

Protected Port

Hi,

Could someone please explain to me what a "protected port" is, why we use these types of ports and ... in a Cisco switch?

Thanks

Reza

1 ACCEPTED SOLUTION

VIP Purple

Re: Protected Port

Hello,

On a side note, it might be worth mentioning that even a protected port still receives traffic from unknown unicast and multicast MAC addresses. Basically, when the switch receives a unicast or multicast frame for which there is no entry in the CAM table, it will flood those frames out all ports in the respective VLAN, except the one it was received on, including the protected ports. In order to prevent these unknown unicast and multicast frames from being received by the protected ports, configure the ports as follows:

interface FastEthernet0/1
 switchport protected
 switchport block unicast
 switchport block multicast

Regards,

GP

3 REPLIES
Purple

Re: Protected Port

Hi Reza,

A protected port provides a form of security whereby a protected port will not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port in the same switch. Note that this does not prevent traffic between protected ports that are on different switches - the feature is only locally significant.

All traffic passing between protected ports must be forwarded through a layer 3 device, such as a router.

A common use would be where you want a user to only be able to communicate with a router but not any other hosts on the same VLAN (consider the case of a switch shared with other customers).

Hope that helps - pls rate the post if it does.

Regards,

Paresh

New Member

Re: Protected Port

gpauwen wrote:

a protected port still receives traffic from unknown unicast and multicast MAC addresses

But only if that unknown unicast comes from a non-protected port, correct?
