Cisco Systems DOC-7814982 Configuring Prote cted Ports

18-3

Catalyst 2950 Desktop Switch Software Configuration Guide

78-14982-01

Chapter 18 Configuring Port -Based Traffic Control Configuring Protected Ports

Beginning i n privileged E X EC mo de , follow these s teps to d isab le sto rm c ontr ol:

Configuring Prote cted Ports

Some appl ications re quire tha t no traffic be forward ed betwee n ports on the same switch so t hat one

neighb or does not see the traffic generat ed by another n eighbo r. In such an environment , the use of

protected po rts ensures that there is no e xchange of u nicast, broadcast, o r multicast traf f ic between these

ports on the switch.

Protected ports have these features:

•A protect ed p ort does no t forw ard any traffic (un icast, multicast, or broa dcast) to any other port t hat

is also a pro tected port. Traffic cannot be for warded betw een prot ecte d ports at Laye r 2; all tr affic

passing be twe en pro tected po rts m ust b e fo rwarded thro ugh a L ay er 3 device.

•Forwarding beh avior betwee n a protec ted port and a nonprot ected por t proc eeds as us ual.

The de fault is to h ave no pr ote cted p ort s de fined.

You can co nfigure pro tected ports on a physi cal int erface (fo r example, Gigabi t Etherne t 0/1) or an

EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel,

it is e na ble d for a ll port s in t he po rt-c ha nn el gro up.

Both LRE i nterface port s and CPE device ports can be c onfigured as prote cted por ts. When you use a

CPE 575, the cp e protect ed co mmand is not available .

When you use a CPE 585 (which has multiple Ethernet interfaces), the switchport protected comman d

allows devices on di fferent port s o f th e sam e CPE 5 85 to exc hange d ata loc al ly.

In some cases, you might want to pro tect individual CPE device ports. Yo u can do thi s with the cp e

protected command . Devices connect ed to different por ts on the sam e CPE cannot exchange dat a

directl y be tw ee n ea c h o the r wi tho ut be in g fo rwa rded by an L ayer 3 device.

Command Purpose

Step 1 configure terminal Enter globa l configurati on mode.

Step 2 int er fa ce interface-id Specify the port to configure, and enter interface configuration mode.

Step 3 no storm-control {broadcast |

multicast | unicast} level Disable po rt s to rm c ontro l .

Step 4 no storm-control action {shutdown |

trap}Disable the specified storm control action.

Step 5 end Return to privileged EXEC mode.

Step 6 show storm-control {broadcast |

multicast | unicast}Verify yo ur e ntri es.

Step 7 copy running-config startup-config (Optiona l) Save your entries in the co nfigurati on file.