Switchport Protected Command
By daxm
Similar to the Private VLAN concept of an isolated VLAN is a command called switchport protected. Interfaces that are in the same VLAN and in “switchport protected” mode cannot see each other, but they can see other ports in the same VLAN that are NOT in switchport protected mode. This feature ONLY works on a per-switch basis, so protected interfaces on different switches can communicate with each other as if the protected command wasn’t there.
Here is my graphic to display this:
So all the “PCs” shown are in VLAN 3. All the ports connecting to the PCs are in switchport protected mode except the one connecting to PC 101. (In my examples the “PCs” are actually routers but the concept still applies.) The green arrows indicate successful intercommunications whereas the red arrow indicates communication that is denied due to the switchport protected feature.
To validate the configuration of this setting, use the “show interface <num> switchport” command:
SW1#sh int g1/0/3 switchport
Name: Gi1/0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 3 (VLAN0003)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: true
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Note the “Protected: true” line.
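Checking that line by hand does not scale past a few ports, so here is an added example (not part of the original post) that parses “show interfaces switchport” output and lists the access ports in a VLAN that are not protected. The sample output is constructed and abbreviated, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated sample of "show interfaces switchport" output
# for three ports (field names as in the output shown above).
SAMPLE = """\
Name: Gi1/0/1
Operational Mode: static access
Access Mode VLAN: 3 (VLAN0003)
Protected: false
Name: Gi1/0/3
Operational Mode: static access
Access Mode VLAN: 3 (VLAN0003)
Protected: true
Name: Gi1/0/24
Operational Mode: trunk
Access Mode VLAN: 1 (default)
Protected: false
"""

def parse_switchport(text):
    """Split the output into one dict of 'field: value' pairs per interface."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # lines without a colon, e.g. "Capture Mode Disabled"
        key, value = key.strip(), value.strip()
        if key == "Name":
            ports.append({})  # a "Name:" line starts a new interface block
        if ports:
            ports[-1][key] = value
    return ports

def unprotected_access_ports(text, vlan):
    """Return names of access ports in `vlan` where Protected is not true."""
    result = []
    for p in parse_switchport(text):
        m = re.match(r"(\d+)", p.get("Access Mode VLAN", ""))
        is_access = p.get("Operational Mode", "").endswith("access")
        if is_access and m and int(m.group(1)) == vlan:
            if p.get("Protected", "false").lower() != "true":
                result.append(p["Name"])
    return result

if __name__ == "__main__":
    print(unprotected_access_ports(SAMPLE, 3))
```

A port in the result is not necessarily a mistake: in the topology above, the port to PC 101 is left unprotected on purpose, so compare the list against the ports you expect to be open.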




February 8th, 2010