RE: Protected switch ports

From: Jihene Bouraoui (bouraoui@globalknowledge.fr)
Date: Fri Jan 17 2003 - 06:53:43 GMT-3


We can find such a use in a DMZ, for example. You can have 2 servers in
your DMZ, and these servers don't have to talk to each other; an attacker can
use one server to hack the second one, so, with the protected port feature,
you can be sure that this cannot occur.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
John Tafasi
Sent: Thursday 16 January 2003 22:45
To: ccielab
Subject: Protected switch ports

Hi, group,

The following is an excerpt from the IPexpert Catalyst 3550 tutorial.
Although the configuration is very simple and understandable, I cannot
imagine a situation where you would want to deny two hosts in the same
LAN from seeing each other. Can someone give an example of a situation
where you would want to configure protected ports?

Thanks

=============================

Protected Ports (Similar to Private VLANs)

Some applications require that no traffic be forwarded between ports on
the same switch so that one neighbor does not see the traffic generated by
another neighbor. In such an environment, the use of protected ports
ensures that there is no exchange of unicast, broadcast, or multicast
traffic between these ports on the switch.

Protected ports have these features:

A protected port does not forward any traffic (unicast, multicast, or
broadcast) to any other port that is also a protected port. Traffic cannot
be forwarded between protected ports at Layer 2; all traffic passing
between protected ports must be forwarded through a Layer 3 device.

Forwarding behavior between a protected port and a nonprotected port
proceeds as usual.

Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport protected
Switch(config-if)# end

You can also disable unknown multicasts and unicasts from being flooded
to a protected port with the "switchport block unicast" and "switchport
block multicast" commands.
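The DMZ case from the reply above, written out as a complete added configuration example. This is not part of the IPexpert excerpt or either poster's message; it assumes a Catalyst 3550 with two DMZ servers on Gi0/1 and Gi0/2 and the firewall uplink on Gi0/3, all in VLAN 10 (interface and VLAN numbers are assumptions for the illustration).

```cisco
! Added example, not from the tutorial excerpt. Two DMZ servers are
! isolated from each other at Layer 2 while both stay reachable through
! the firewall. Interface numbers and VLAN 10 are assumed values.
Switch# configure terminal
! Server A: protected, and not a target for unknown-unicast/multicast
! floods, so a compromised neighbor cannot reach it through the switch.
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport protected
Switch(config-if)# switchport block unicast
Switch(config-if)# switchport block multicast
Switch(config-if)# exit
! Server B: identical settings. Because both ports are protected, no
! unicast, broadcast, or multicast frame is forwarded between A and B.
Switch(config)# interface gigabitethernet0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport protected
Switch(config-if)# switchport block unicast
Switch(config-if)# switchport block multicast
Switch(config-if)# exit
! Firewall uplink: deliberately left unprotected. Protected-to-nonprotected
! forwarding proceeds as usual, so each server can reach the firewall, and
! any server-to-server traffic that is genuinely required must cross the
! firewall's Layer 3 policy instead of the switch backplane.
Switch(config)# interface gigabitethernet0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# end
! Verification: the switchport status should report the port as protected
! and unknown unicast/multicast blocking as enabled on Gi0/1 and Gi0/2.
Switch# show interfaces gigabitethernet0/1 switchport
Switch# show interfaces gigabitethernet0/2 switchport
```

Two points worth checking in such a design: the "switchport block" commands matter because a protected port by itself still receives frames flooded to unknown destinations, which is exactly the traffic a host on a neighboring port could otherwise use to reach it; and protected-port isolation is only locally significant, so two servers on protected ports of different switches joined by a trunk can still exchange traffic unless the trunk side is controlled as well.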

This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:52 GMT-3