Private Edge VLANs
Use the Private Edge VLAN feature to prevent ports on the switch from forwarding traffic to each other
even if they are on the same VLAN.
•
Protected ports cannot forward traffic to other protected ports in the same group, even if they have the
same VLAN membership. Protected ports can forward traffic to unprotected ports.
•
Unprotected ports can forward traffic to both protected and unprotected ports.
You can also configure groups of protected ports, but unprotected ports are independent and cannot be
added to a group. Each group's configuration consists of a name and a mask of ports. A port can belong
to only one set of protected ports, but an unprotected port can be added to a group as a protected port.
The group name is configurable by the network administrator.
Use the switchport protected command to designate a port as protected. Use the show
switchport protected command to display a listing of the protected ports.
CLI Example
Example #1: Configuring a Protected Port
The commands in this example name the protected port group 1 "PP_Test" and assign ports 1 and 2 to
the group.
console(config)#switchport protected 1 name PP_Test
console(config)#interface ethernet 1/g17
console(config-if-1/g17)#switchport protected 1
console(config-if-1/g17)#exit
console(config)#interface ethernet 1/g18
console(config-if-1/g18)#switchport protected 1
console(config-if-1/g18)#exit
console(config)#exit
Example #2: Viewing Protected Port Group 1
console#show switchport protected 1
Name......................................... "PP_Test"
1/g17, 1/g18
Switching Configuration
31