For example, configure interface
FastEthernet 1/10 as a PVLAN promiscuous port, and map it to a private-secondary PVLAN pair.
Hostname(config)# interface Fastethernet 1/10
Hostname(config-if)# switchport mode private-vlan promiscuous
Hostname(config-if)# switchport private-vlan mapping 101 201-202,301
Use the show interface private-vlan mapping command and the show interface [interface-id]
switchport command to verify the configuration.
Port Blocking
When a packet arrives at the switch, the switch performs a lookup for the destination MAC address in the MAC
address table to determine which port it will use to send the packet out to send on. If no entry is found in the
MAC address table, the switch will broadcast (flood) unknown unicast or multicast traffic out to all the ports in
the same VLAN (broadcast domain). Forwarding an unknown unicast or multicast traffic to a protected port
could raise security issues.
Unknown unicast or multicast traffic can be blocked from being forwarded by using the port blocking feature.
To configure port blocking for unknown unicast and multicast flooding, use the following procedures:
The switchport block multicast interface configuration command to block unknown multicast forwarding
to a port
The switchport block unicast interface configuration command to block unknown unicast forwarding to a
port
The show interfaces {interface} switchport command to validate the port blocking configuration
By default, ports are not configured in blocking mode.
Pages:
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176