Switch protected port

The protected port is a feature on Cisco Catalyst Switches that you can use to prevent interfaces from communicating with each other. This is a Layer 2 feature, so it restricts communication between two ports on the same VLAN. When using protected ports, keep the following in mind:

  • By default, all ports on a switch are unprotected.
  • Communication between protected ports on the same VLAN is blocked.
  • Communication between a protected port and an unprotected port on the same VLAN is not blocked.
  • In order for devices to communicate outside of the local subnet, you must ensure that the default gateway is connected to an unprotected port.
  • Protected ports on different VLANs can communicate, as long as successful routing is established between the two subnets.

Examine the following network topology (figure: protected-ports-topology.png):

  • H1 and H2 cannot communicate with each other
  • The two servers cannot communicate with each other
  • H1 and H2 are able to reach their default gateway R1 via the unprotected port
  • The two servers are able to reach their default gateway R1 via the unprotected port
  • H1 is able to communicate with either one of the servers
  • H2 is able to communicate with either one of the servers
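The forwarding rules listed above, applied to this topology as an added example (not code from the original article). The VLAN numbers, interface names and R1 being reached through one unprotected access port per VLAN are constructed assumptions; the article only states that R1 sits behind an unprotected port.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    name: str        # switch interface the device is attached to (constructed)
    vlan: int        # access VLAN of that interface
    protected: bool  # True if 'switchport protected' is configured on it


def l2_forwards(src: Port, dst: Port) -> bool:
    """Layer 2 rule: frames never cross VLANs, and a frame received on a
    protected port is never forwarded out another protected port in the
    same VLAN. Protected <-> unprotected traffic is not restricted."""
    if src.vlan != dst.vlan:
        return False
    return not (src.protected and dst.protected)


def can_communicate(a: Port, b: Port, gateways: dict[int, Port]) -> bool:
    """Same VLAN: pure Layer 2 decision. Different VLANs: each side must
    reach its own default gateway at Layer 2, after which the router routes
    between the subnets (so protected ports in different VLANs can talk)."""
    if a.vlan == b.vlan:
        return l2_forwards(a, b)
    return all(l2_forwards(h, gateways[h.vlan]) for h in (a, b))


# Constructed topology matching the article's bullets: hosts in VLAN 10 and
# servers in VLAN 20, all four on protected ports; R1 reached via an
# unprotected access port in each VLAN (the article only says "unprotected").
H1, H2 = Port("Fa0/1", 10, True), Port("Fa0/2", 10, True)
SERVER1, SERVER2 = Port("Fa0/3", 20, True), Port("Fa0/4", 20, True)
R1 = {10: Port("Fa0/23", 10, False), 20: Port("Fa0/24", 20, False)}


def check_topology(gateways: dict[int, Port] = R1) -> dict[str, bool]:
    """Evaluate the article's six claims against the model."""
    return {
        "H1-H2": can_communicate(H1, H2, gateways),
        "SERVER1-SERVER2": can_communicate(SERVER1, SERVER2, gateways),
        "H1-R1": l2_forwards(H1, gateways[10]),
        "SERVER1-R1": l2_forwards(SERVER1, gateways[20]),
        "H1-SERVER1": can_communicate(H1, SERVER1, gateways),
        "H2-SERVER2": can_communicate(H2, SERVER2, gateways),
    }


# Fourth bullet's failure mode: R1 on protected ports strands every protected host.
BAD_R1 = {v: Port(p.name, v, True) for v, p in R1.items()}
```

Running `check_topology()` reproduces the six bullets above, while `check_topology(BAD_R1)` shows that moving the gateway onto protected ports also breaks the inter-VLAN paths.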

Take a look at Switch protected port limitations for more information.

Links:

https://networklessons.com/switching/protected-port-cisco-catalyst-switch/