For this purpose, the PVLAN feature can be used. (This feature is discussed in
more detail later in this chapter.)
The PVLAN edge offers the following features:
- The switch will not forward traffic (unicast, multicast, or broadcast) between ports that are configured as protected. Data traffic must be routed via a Layer 3 device between the protected ports.
- Control traffic, such as routing protocol updates, is an exception and will be forwarded between protected ports.
- Forwarding behavior between a protected port and a nonprotected port proceeds normally per default behavior.
By default, no ports are configured as protected. Example 4-1 shows how to enable and verify switch ports that
are configured for the protected port feature.
Example 4-1. Configuring the Protected Port Feature
Switch(config)# interface Fastethernet0/1
Switch(config-if)# switchport protected
Switch(config-if)# end
Switch# show interfaces FastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
...
Protected: true
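The following audit script is an added example, not part of the book: it parses a running-config excerpt, reports host-facing ports that lack switchport protected, and applies the data-traffic forwarding rule described above. The sample configuration, port list, and function names are constructed for illustration.

```python
import re

# Constructed sample of a running-config excerpt (not taken from the book).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport protected
!
interface FastEthernet0/2
 switchport mode access
 switchport protected
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

def parse_protected(config):
    """Map each interface name to True if 'switchport protected' is set on it."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            ports[current] = False      # default: no port is protected
        elif current and line.startswith(" "):
            if line.strip() == "switchport protected":
                ports[current] = True
        else:
            current = None              # '!' or a global command ends the stanza
    return ports

def l2_data_forwarded(ports, a, b):
    """Data traffic is switched at Layer 2 unless both ports are protected.
    (Control traffic is the exception noted in the text and is not modeled.)"""
    return not (ports[a] and ports[b])

def unprotected(ports, expected):
    """Ports from the expected host-facing list that lack the protected setting."""
    return sorted(p for p in expected if not ports.get(p, False))

if __name__ == "__main__":
    ports = parse_protected(SAMPLE_CONFIG)
    hosts = ["FastEthernet0/1", "FastEthernet0/2", "FastEthernet0/3"]
    print("missing 'switchport protected':", unprotected(ports, hosts))
```

A port reported as missing the setting can still exchange data traffic directly with every other port in the VLAN, including the protected ones.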
Private VLAN (PVLAN)
As discussed in the "Protected Ports (PVLAN Edge)" section, the PVLAN feature prevents interhost
communications, providing port-based security among adjacent ports within a VLAN across one or more
switches.