Protected Ports (PVLAN Edge)
In some arrangement environments, there is a claim for no cartage to be apparent or forwarded amid host(s) on
the aforementioned LAN segment, thereby preventing interhost communications. The PVLAN bend affection accoutrement this
isolation by creating a firewall-like barrier, thereby blocking any unicast, broadcast, or multicast cartage among
the adequate ports on the switch. Note that the acceptation of the adequate anchorage affection is bound to the local
switch, and there is no accouterment in the PVLAN bend affection to abstract cartage amid two "protected" ports
located on altered switches. For this purpose, the PVLAN affection can be used. (This affection is discussed in
more detail after in this chapter.)
The PVLAN bend offers the afterward features:
The about-face will not advanced cartage (unicast, multicast, or broadcast) amid ports that are configured as
protected. Data cartage charge be baffled via a Layer 3 accessory amid the adequate ports.
Control traffic, such as acquisition agreement updates, is an barring and will be forwarded amid protected
ports.
Forwarding behavior amid a adequate anchorage and a nonprotected anchorage gain commonly per default
behavior.
By default, no ports are configured as protected. Example 4-1 shows how to accredit and verify about-face ports that
are configured for the adequate anchorage feature.
Example 4-1. Configuring the Adequate Anchorage Feature
Switch(config)# interface Fastethernet0/1
Switch(config-if)# switchport protected
Switch(config-if)# end
Switch# appearance interfaces FastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: changeless access
...
Protected: true