Configuring and Monitoring Port Security

Configuring Protected Ports

There are situations where you want to provide internet access to users but prevent them from accessing each other. To achieve this control, you can use the protected-ports command. The command applies per port and filters the outbound traffic from a port. This allows the configuration of two port groups on a switch: protected ports and unprotected ports. The ports have these characteristics:

Traffic from protected ports is not forwarded to other protected ports.

Protected ports can communicate with unprotected ports, but not with each other.

Unprotected ports can communicate with all ports.

The protected-ports command applies to logical ports (trunks as well as untrunked ports).

Syntax: [no] protected-ports <port-list>

Prevents the selected ports from communicating with each other.

Default: All ports unprotected.

no protected-ports all

Clears the protection from all ports; all ports can now communicate with each other.

ProCurve(config)# protected-ports 4-5

Figure 9-15. Example of Protected Ports Command for Ports 4 and 5

To display information about which ports have been configured as protected ports, enter this command:

ProCurve(config)# show protected-ports
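
The following is an added example, not part of the original manual or of any ProCurve tooling. It models the forwarding rule described above and audits a list of configuration lines against an intended layout of user and uplink ports. The function names, the sample configuration, the numeric comma/range port-list form, and the assumption that successive commands accumulate are all assumptions made for illustration.

```python
# Added example: models the protected-ports forwarding rule described above.
# Assumptions: numeric port lists such as "4-5" or "1,3-6"; commands accumulate in order.

def parse_port_list(text):
    """Expand a port list like "1,3-6" into a set of port numbers."""
    ports = set()
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def protected_set(config_lines, all_ports):
    """Apply protected-ports / no protected-ports commands in order."""
    protected = set()  # default: all ports unprotected
    for line in config_lines:
        words = line.split()
        negate = words[:1] == ["no"]
        if negate:
            words = words[1:]
        if len(words) != 2 or words[0] != "protected-ports":
            continue  # unrelated configuration line
        ports = set(all_ports) if words[1] == "all" else parse_port_list(words[1])
        protected = protected - ports if negate else protected | ports
    return protected

def can_forward(src, dst, protected):
    """Traffic is dropped only when both ports are protected."""
    return not (src in protected and dst in protected)

def audit(config_lines, all_ports, user_ports, uplink_ports):
    """Report user ports left unisolated and uplinks that were protected by mistake."""
    protected = protected_set(config_lines, all_ports)
    findings = []
    for p in sorted(user_ports - protected):
        findings.append(f"user port {p} is unprotected and can reach other user ports")
    for p in sorted(uplink_ports & protected):
        findings.append(f"uplink port {p} is protected; protected user ports cannot reach it")
    return findings

# Constructed sample: 8-port switch, users on ports 2-6, uplink on port 8.
SAMPLE_CONFIG = ['hostname "sw1"', "protected-ports 4-5", "protected-ports 2-3"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, range(1, 9), {2, 3, 4, 5, 6}, {8}):
        print(finding)
```

Run against the sample, the audit flags port 6: it was left out of the protected group, so it can still exchange traffic with every other user port.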
