Switch protected port
The protected port is a feature on Cisco Catalyst Switches that you can use to prevent interfaces from communicating with each other. This is a Layer 2 feature, so it restricts communication between two ports on the same VLAN. When using protected ports, keep the following in mind:
- By default, all ports on a switch are unprotected.
- Communication between protected ports on the same VLAN is blocked.
- Communication between a protected port and an unprotected port on the same VLAN is not blocked.
- In order for devices to communicate outside of the local subnet, you must ensure that the default gateway is connected to an unprotected port.
- Protected ports on different VLANs can communicate, as long as successful routing is established between the two subnets.
Consider the following network topology (the diagram is not reproduced here), in which the hosts and servers are attached to protected ports and router R1 is attached to an unprotected port. The resulting connectivity is:
- H1 and H2 cannot communicate with each other.
- The two servers cannot communicate with each other.
- H1 and H2 are able to reach their default gateway R1 via the unprotected port.
- The two servers are able to reach their default gateway R1 via the unprotected port.
- H1 is able to communicate with either one of the servers.
- H2 is able to communicate with either one of the servers.
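To make the rules above and the topology result concrete, here is an added example (not code from the original page or from Cisco) that models the protected-port forwarding decision and evaluates it over the described hosts. Port names, VLAN numbers and the representation of R1 as one unprotected gateway entry per VLAN are assumptions; the real switch-side configuration is the `switchport protected` interface command on the access ports.

```python
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class Port:
    name: str
    vlan: int
    protected: bool = False   # Catalyst default: every port starts unprotected


def l2_forward_allowed(src: Port, dst: Port) -> bool:
    """Layer 2 forwarding decision of one switch between two access ports.

    Frames never cross VLANs at Layer 2. Within a VLAN, the only thing the
    protected-port feature blocks is protected -> protected; protected ->
    unprotected and unprotected -> unprotected are forwarded normally.
    """
    if src.vlan != dst.vlan:
        return False
    return not (src.protected and dst.protected)


def reachable(src: Port, dst: Port, gateways: dict) -> bool:
    """Can the host on src talk to the host on dst?

    Same VLAN: the switch either forwards directly or blocks the pair.
    Different VLAN: src must reach its gateway port, the router forwards
    between the subnets, and the gateway port in the destination VLAN must
    reach dst. Assumes inter-VLAN routing on R1 is already working.
    """
    if src.vlan == dst.vlan:
        return l2_forward_allowed(src, dst)
    gw_src, gw_dst = gateways.get(src.vlan), gateways.get(dst.vlan)
    if gw_src is None or gw_dst is None:
        return False   # no gateway in one of the VLANs: nothing to route through
    return l2_forward_allowed(src, gw_src) and l2_forward_allowed(gw_dst, dst)


def build_topology():
    """Constructed topology (port names and VLAN numbers are assumptions):
    hosts in VLAN 10, servers in VLAN 20, R1 on an unprotected trunk port
    represented here as one gateway entry per VLAN."""
    hosts = {
        "H1": Port("Fa0/1", 10, protected=True),
        "H2": Port("Fa0/2", 10, protected=True),
        "S1": Port("Fa0/3", 20, protected=True),
        "S2": Port("Fa0/4", 20, protected=True),
    }
    gateways = {
        10: Port("Fa0/24", 10),   # R1 subinterface in VLAN 10, unprotected
        20: Port("Fa0/24", 20),   # R1 subinterface in VLAN 20, unprotected
    }
    return hosts, gateways


def connectivity(hosts, gateways):
    """Full pairwise result, e.g. {('H1', 'H2'): False, ...}."""
    return {(a, b): reachable(hosts[a], hosts[b], gateways)
            for a, b in permutations(hosts, 2)}


if __name__ == "__main__":
    hosts, gateways = build_topology()
    for (a, b), ok in sorted(connectivity(hosts, gateways).items()):
        print(f"{a} -> {b}: {'allowed' if ok else 'blocked'}")
    for name, port in hosts.items():
        gw = gateways[port.vlan]
        state = "allowed" if l2_forward_allowed(port, gw) else "blocked"
        print(f"{name} -> R1 (VLAN {port.vlan}): {state}")
```

Running the script reproduces the six bullet points: the two hosts are blocked from each other, the two servers are blocked from each other, every host reaches R1, and host-to-server traffic succeeds because it is routed through the unprotected gateway port rather than bridged between two protected ports. Changing the gateway entries to `protected=True` is the misconfiguration the fourth rule warns about: inter-VLAN traffic then fails even though routing is fine.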
Take a look at Switch protected port limitations for more information.
Links
https://networklessons.com/switching/protected-port-cisco-catalyst-switch/