Shulou(Shulou.com)06/01 Report--

Under some special requirements, it is necessary to prohibit communication between hosts with the same VLAN on the same switch, but these hosts that cannot communicate can not be delimited to a different VLAN, because they also need to communicate with other hosts in the VLAN, but cannot communicate with some hosts. This feature can achieve this requirement.

Protected ports have these features:

A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. Data traffic cannot be forwarded between protected ports at Layer 2; only control traffic, such as PIM packets, is forwarded because these packets are processed by the CPU and forwarded in software. All data traffic passing between protected ports must be forwarded through a Layer 3 device.

Forwarding behavior between a protected port and a nonprotected port proceeds as usual.

You can configure protected ports on a physical interface (for example, Gigabit Ethernet port 1) or an EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel, it is enabled for all ports in the port-channel group.

Do not configure a private-VLAN port as a protected port. Do not configure a protected port as a private-VLAN port. A private-VLAN isolated port does not forward traffic to other isolated ports or community ports. For more information about private VLANs

Note: this feature is only valid on a single switch.

Ports of sw1 (config-if) # switchport protected configured with this feature cannot access each other. But it can be accessed with other ports.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.