17-4
Catalyst 2940 Switch Software Configuration Guide
78-15507-02
Chapter17 Configuring Port-Based Traffic Control
Configuring Protected Ports
Configuring Protected PortsSome applications require that no traffic be forwarded between ports on the same switch so that one
neighbor does not see the traffic generated by another neighbor. In such an environment, the use of
protected ports ensures that there is no exchange of unicast, broadcast, or multicast traffic between these
ports on the switch.
Protected ports have these features:
•A protected port does not forward any traffic (unicast, multicast, or br oadcast) to an y oth er port t hat
is also a protected port. Traffic cannot be forwarded between protected ports at Layer 2; all traffic
passing between protected ports must be forwarded through a Layer 3 device.
•Forwarding behavior between a protected port and a nonprotecte d port p roce eds as u s ual.
•Protected ports are supported on 802.1Q trunks.
The default is to have no protected ports defined.
You can configure protected ports on a physical interface (for example, Gigabit Ethernet 0/1) or an
EtherChannel group (for example, port-channel 5). When you enable protec ted ports for a port channel,
it is enabled for all ports in the port-channel group.
Beginning in privileged EXEC mode, follow these steps to define a port as a protected port:
To disable protected port, use the no switchport protected interface configuration command.
This example shows how to configure Gigabit Ethernet interface 0/1 as a prot ec ted por t a nd veri fy the
configuration:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport protected
Switch(config-if)# end
Step4 no storm-control action {shutdown |
trap}Disable the specified storm control action.
Step5 end Return to privileged EXEC mode.
Step6 show storm-control {broadcast |
multicast | unicast}Verify your entries.
Step7 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface interface-id Specify the type and number of the physical interface to
configure, for example gigabitethernet0/1, and enter
interface configuration mode.
Step3 switchport protected Configure the interface to be a protected port.
Step4 end Return to privileged EXEC mode.
Step5 show interfaces interface-id switchport Verify your entries.
Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.