From: Alavalapati, Abhimanyu V. (aalavala@ubspw.com)
Date: Thu Jan 16 2003 - 22:45:51 GMT-3
Was designed for ISPs where they did not want to burn up a subnet per
customer, so they had all their customers on one logical subnet and
separated them at layer 2. We do this in our extranet environment,
-----Original Message-----
From: John Tafasi [mailto:johntafasi@yahoo.com]
Sent: Thursday, January 16, 2003 4:45 PM
To: ccielab
Subject: Protected switch ports
Hi, group,
The following is an excerpt from the ipexpert catalyst 3550 tutorial.
Although the configuration is very simple and understandable, I cannot
imagine a situation where you would want to deny two hosts in the same LAN
from seeing each other. Can someone give an example of a situation where you
would want to configure protected ports?
Thanks
=============================
Protected Ports (Similar to Private VLANs)

Some applications require that no traffic be forwarded between ports on the
same switch so that one neighbor does not see the traffic generated by
another neighbor. In such an environment, the use of protected ports ensures
that there is no exchange of unicast, broadcast, or multicast traffic between
these ports on the switch.

Protected ports have these features:

A protected port does not forward any traffic (unicast, multicast, or
broadcast) to any other port that is also a protected port. Traffic cannot be
forwarded between protected ports at Layer 2; all traffic passing between
protected ports must be forwarded through a Layer 3 device.

Forwarding behavior between a protected port and a nonprotected port proceeds
as usual.

Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport protected
Switch(config-if)# end

You can also disable unknown multicasts and unicasts from being flooded to a
protected port with the "switchport block unicast," and "switchport block
multicast" commands.
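
Added example, not part of the original thread or the ipexpert tutorial: a small audit of a switch configuration for the shared-subnet design described in the reply, flagging customer ports that lack "switchport protected" or that still receive unknown unicast/multicast floods. The sample configuration is constructed, and treating every port with an explicit "switchport mode access" line as a customer port is an assumption of this sketch.

```python
import re

# Constructed sample config for an assumed 3550-style switch (not from the post).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport protected
 switchport block unicast
 switchport block multicast
!
interface FastEthernet0/2
 switchport mode access
 switchport protected
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: set of sub-commands in its stanza}."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), set())
        elif line.startswith(" ") and current is not None:
            current.add(line.strip())
        else:
            current = None  # '!' or a global command ends the stanza
    return ports

def audit(config):
    """Flag access ports that are unprotected or still receive unknown floods."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # assumption: trunks/uplinks are meant to stay nonprotected
        if "switchport protected" not in cmds:
            findings.append((name, "not protected"))
            continue
        for kind in ("unicast", "multicast"):
            if f"switchport block {kind}" not in cmds:
                findings.append((name, f"unknown {kind} not blocked"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{p}: {i}" for p, i in audit(SAMPLE_CONFIG)))
```

The uplink is skipped on purpose: protected ports only reach each other through a nonprotected port leading to a Layer 3 device, so that port has to stay nonprotected.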
This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:51 GMT-3