Previous Topic

Next Topic

Book Contents

Protected Ports Commands

This section describes commands you use to configure and view protected ports on a switch. Protected ports,do not forward traffic to each other, even if they are on the same VLAN. However, protected ports can forward traffic to all unprotected ports in their group. Unprotected ports can forward traffic to both protected and unprotected ports. Ports are unprotected by default.

If an interface is configured as a protected port, and you add that interface to a Port Channel or Link Aggregation Group (LAG), the protected port status becomes operationally disabled on the interface, and the interface follows the configuration of the LAG port. However, the protected port configuration for the interface remains unchanged. Once the interface is no longer a member of a LAG, the current configuration for that interface automatically becomes effective.

switchport protected (Global Config)

Use this command to create a protected port group. The <groupid> parameter identifies the set of protected ports. Use the name <name> pair to assign a name to the protected port group. The name can be up to 32 alphanumeric characters long, including blanks. The default is blank.

NOTE: Port protection occurs within a single switch. Protected port configuration does not affect traffic between ports on two different switches. No traffic forwarding is possible between two protected ports.

no switchport protected (Global Config)

Use this command to remove a protected port group. The <groupid> parameter identifies the set of protected ports. The name keyword specifies the name to remove from the group.

switchport protected (Interface Config)

Use this command to add an interface to a protected port group. The <groupid> parameter identifies the set of protected ports to which this interface is assigned. You can only configure an interface as protected in one group.

NOTE: Port protection occurs within a single switch. Protected port configuration does not affect traffic between ports on two different switches. No traffic forwarding is possible between two protected ports.

no switchport protected (Interface Config)

Use this command to configure a port as unprotected. The <groupid> parameter identifies the set of protected ports to which this interface is assigned.

show switchport protected

This command displays the status of all the interfaces, including protected and unprotected interfaces.

The display parameters for above command are:

show interfaces switchport

This command displays the status of the interface (protected/unprotected) under the groupid.

The display parameters for above command are:

See also

Switching Commands

Port Configuration Commands

Spanning Tree Protocol (STP) Commands

VLAN Commands

Private VLAN Commands

Ethernet Ring Protection Commands

Double VLAN Commands

Voice VLAN Commands

Provider Bridge Commands

802.1AS Timesync Commands

Provisioning (IEEE 802.1p) Commands

GARP Commands

GVRP Commands

GMRP Commands

Port-Based Network Access Control Commands

Switch Port Auto-recovery (SPAR) Commands

802.1X Supplicant Commands

Storm-Control Commands

Link Local Protocol Filtering Commands

MMRP Commands

MSRP Commands

MVRP Commands

Port-Channel/LAG (802.3ad) Commands

Port Mirroring

Static MAC Filtering

DHCP L2 Relay Agent Comamnds

DHCP Client Commands

DHCP Snooping Configuration Commands

Dynamic ARP Inspection Commands

IGMP Snooping Configuration Commands

IGMP Snooping Querier Commands

MLD Snooping Commands

MLD Snooping Querier Commands

Port Security Commands

LLDP (802.1AB) Commands

LLDP-MED Commands

Denial of Service Commands

MAC Database Commands

ISDP Commands

Ethernet in the First Mile Operations and Maintenance Commands

Connectivity Fault Management Commands