Configuring Protected Ports

Information About Protected Ports

The following sections provide information about protected ports.

Protected Ports

Some applications require that no traffic be forwarded at Layer 2 between ports on the same switch so that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use of protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these ports on the switch.

Protected ports have these features:

  • A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded in software. All data traffic passing between protected ports must be forwarded through a Layer 3 device.

  • Forwarding behavior between a protected port and a nonprotected port proceeds as usual.

Default Protected Port Configuration

The default is to have no protected ports defined.

Protected Ports Guidelines

You can configure protected ports on a physical interface (for example, Gigabit Ethernet port 1) or an EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel, it is enabled for all ports in the port-channel group.

How to Configure Protected Ports

The following section provides information on configuring protected ports.

Configuring a Protected Port

To configure a protected port, perform this procedure:

Before you begin

Protected ports are not pre-defined.

Procedure

  Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:

Device configure terminal

Enters global configuration mode.

Step 3

interface interface-id

Example:


Device(config)# interface gigabitethernet 1/0/2

Specifies the interface to be configured, and enter interface configuration mode.

Step 4

switchport protected

Example:

Device(config-if)# switchport protected

Configures the interface to be a protected port.

Step 5

end

Example:

Device(config-if)# end

Returns to privileged EXEC mode.

Step 6

show interfaces interface-id switchport

Example:


Device(config)# show interfaces gigabitethernet 1/0/2 switchport

Verifies your entries.

Step 7

show running-config

Example:

Device# show running-config

Verifies your entries.

Step 8

copy running-config startup-config

Example:

Device# copy running-config startup-config

(Optional) Saves your entries in the configuration file.

Monitoring Protected Ports

Table 1. Commands for Displaying Protected Port Settings

Command

Purpose

show interfaces [interface-id] switchport

Displays the administrative and operational status of all switching (nonrouting) ports or the specified port, including port blocking and port protection settings.

Feature History for Protected Ports

This table provides release and related information for features explained in this module.

These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise.

Release

Feature

Feature Information

Cisco IOS Release 15.2(7)E3k

Protected Ports

Protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between ports on the switch.

Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.