Справочник Пользователя для Cisco Systems 2960
23-7
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 23 Configuring Port-Based Traffic Control
Configuring Port Blocking
Protected Port Configuration Guidelines
You can configure protected ports on a physical interface (for example, Gigabit Ethernet port 1) or an
EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel,
it is enabled for all ports in the port-channel group.
EtherChannel group (for example, port-channel 5). When you enable protected ports for a port channel,
it is enabled for all ports in the port-channel group.
Configuring a Protected Port
Beginning in privileged EXEC mode, follow these steps to define a port as a protected port:
To disable protected port, use the no switchport protected interface configuration command.
This example shows how to configure a port as a protected port:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport protected
Switch(config-if)# end
Configuring Port Blocking
By default, the switch floods packets with unknown destination MAC addresses out of all ports. If
unknown unicast and multicast traffic is forwarded to a protected port, there could be security issues. To
prevent unknown unicast or multicast traffic from being forwarded from one port to another, you can
block a port (protected or nonprotected) from flooding unknown unicast or multicast packets to other
ports.
unknown unicast and multicast traffic is forwarded to a protected port, there could be security issues. To
prevent unknown unicast or multicast traffic from being forwarded from one port to another, you can
block a port (protected or nonprotected) from flooding unknown unicast or multicast packets to other
ports.
Note
With multicast traffic, the port blocking feature blocks only pure Layer 2 packets. Multicast packets that
contain IPv4 or IPv6 information in the header are not blocked.
contain IPv4 or IPv6 information in the header are not blocked.
These sections contain this configuration information:
•
•
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface-id
Specify the interface to be configured, and enter interface
configuration mode.
configuration mode.
Step 3
switchport protected
Configure the interface to be a protected port.
Step 4
end
Return to privileged EXEC mode.
Step 5
show interfaces interface-id switchport
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.