From: Scott Morris (swm@emanon.com)
Date: Thu Dec 07 2006 - 10:21:11 ART
These are two completely different concepts.
The "switchport block" commands have to do with altering the typical
behavior of a bridge/switch. While normally a switch keeps a CAM table to
associate MAC addresses to outbound ports, every once in a while a frame
shows up with a MAC not in the list. The behavior is to flood these frames
out every port in the corresponding VLAN to assure delivery.
The "switchport block" commands alter this behavior and tell the switch NOT
to do this for the interface tagged.
"Switchport protected" on the other hand is the private-vlan edge concept
(pre-private-vlan, or 3550 implementation). Any two ports tagged as
"protected" within a single VLAN will never speak with each other via
unicast, broadcast or multicast directly at Layer 2.
HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPExpert VP - Curriculum Development
IPExpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Noble
Sent: Thursday, December 07, 2006 1:49 AM
To: Cisco certification
Subject: Protected Ports
Hi Group,
I am trying to understand the need of adding "switchport block multicast"
and "switchport block unicast" along with "switchport protected".
I understand that traffic arriving on one protected port will not be
forwarded out other protected ports. If this is the case, why would we need
to block multicast and unicast using the switchport block command?
--
Thank you,
Noble
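
The distinction drawn in the reply above, as an added example that is not part of the original thread: a simplified single-VLAN model of the forwarding decision, showing that "switchport protected" filters by ingress/egress pair while "switchport block" stops unknown-destination flooding out of a port whatever the source. Port names, MAC addresses and the names `Port`, `PORTS`, `CAM`, `is_multicast` and `egress_ports` are constructed for illustration.

```python
from dataclasses import dataclass

BROADCAST = "ffff.ffff.ffff"

@dataclass
class Port:
    protected: bool = False        # "switchport protected"
    block_unicast: bool = False    # "switchport block unicast"
    block_multicast: bool = False  # "switchport block multicast"

# Constructed sample: two protected access ports and one ordinary uplink, one VLAN.
PORTS = {
    "Gi0/1": Port(protected=True),
    "Gi0/2": Port(protected=True, block_unicast=True, block_multicast=True),
    "Gi0/3": Port(),
}
CAM = {"0000.0000.0001": "Gi0/1"}  # constructed: only this MAC has been learned

def is_multicast(mac):
    # Group bit is the least significant bit of the first octet.
    return mac != BROADCAST and int(mac.replace(".", "")[:2], 16) & 1 == 1

def egress_ports(ingress, dst_mac, ports=PORTS, cam=CAM):
    """Ports a frame arriving on `ingress` leaves by (simplified model)."""
    if dst_mac in cam:                      # known unicast: one candidate port
        candidates, unknown = [cam[dst_mac]], False
    else:                                   # flood to every other port in the VLAN
        candidates = [n for n in ports if n != ingress]
        unknown = dst_mac != BROADCAST      # broadcast is flooded but is not "unknown"
    out = []
    for name in candidates:
        port = ports[name]
        if name == ingress:
            continue
        if ports[ingress].protected and port.protected:
            continue                        # protected never talks to protected
        if unknown and (port.block_multicast if is_multicast(dst_mac)
                        else port.block_unicast):
            continue                        # egress port refuses flooded unknowns
        out.append(name)
    return sorted(out)

if __name__ == "__main__":
    for src, dst in [("Gi0/1", BROADCAST), ("Gi0/3", "0000.0000.0099"),
                     ("Gi0/3", "0100.5e00.0001"), ("Gi0/2", "0000.0000.0001")]:
        print(src, "->", dst, ":", egress_ports(src, dst))
```

In this model the unprotected uplink Gi0/3 still floods unknown unicast and multicast to protected port Gi0/1, and only the block commands on Gi0/2 keep those frames off that port.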