What’s a Protected Switchport?

Today I came across the command ‘switchport protected.’ I didn’t know what that meant, so I looked it up. Cisco’s documentation can be found here. To put it simply, protected ports are a poor man’s isolated private VLAN. Two (or more) protected ports cannot speak to each other at Layer 2 on the same switch. However, they can speak to unprotected ports without a problem, and if traffic from one port bounces off an L3 device it can then reach other protected ports. Also, the protection status is local to a switch. Host A on SwitchA’s protected port 1 can still talk to Host B on SwitchB’s protected port 1 as long as there’s a trunk between the switches.
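The forwarding rule described above, as a small added model (not Cisco code and not from the original post) showing why the isolation stops at the switch boundary. The host names, port numbers and the unprotected trunk are assumptions of this example, and only Layer 2 forwarding is modelled, not the bounce off an L3 device.

```python
from collections import deque

class Switch:
    def __init__(self, name):
        self.name = name
        self.ports = {}  # port number -> (protected?, neighbor)

    def add_port(self, num, neighbor, protected=False):
        # neighbor is a host name (str) or a (Switch, port) tuple for a trunk
        self.ports[num] = (protected, neighbor)

    def egress(self, in_port):
        """Ports a frame that arrived on in_port may be forwarded out of."""
        in_prot = self.ports[in_port][0]
        return [p for p, (prot, _) in self.ports.items()
                if p != in_port and not (in_prot and prot)]

def l2_reachable(src, dst, switches):
    """True if a frame from host src can reach host dst at Layer 2 only."""
    queue = deque((sw, p) for sw in switches
                  for p, (_, n) in sw.ports.items() if n == src)
    seen = set()
    while queue:
        sw, in_port = queue.popleft()
        if (sw.name, in_port) in seen:
            continue
        seen.add((sw.name, in_port))
        for out in sw.egress(in_port):
            nbr = sw.ports[out][1]
            if nbr == dst:
                return True
            if isinstance(nbr, tuple):
                queue.append(nbr)  # frame crosses the trunk
    return False

def build_demo():
    # Constructed topology; host names and port numbers are illustrative.
    a, b = Switch("SwitchA"), Switch("SwitchB")
    a.add_port(1, "HostA", protected=True)
    a.add_port(2, "HostC", protected=True)
    a.add_port(3, "Server")            # unprotected port
    b.add_port(1, "HostB", protected=True)
    a.add_port(24, (b, 24))            # trunk, assumed unprotected
    b.add_port(24, (a, 24))
    return [a, b]

if __name__ == "__main__":
    sw = build_demo()
    for dst in ("HostC", "Server", "HostB"):
        print("HostA ->", dst, l2_reachable("HostA", dst, sw))
```

Because the protected flag is only compared between the ingress and egress port of one switch, the frame that enters SwitchB on the unprotected trunk is free to leave on SwitchB’s protected port.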

Dynamips & Multiple NM-16ESWs

I’ve been playing with Dynamips/GNS3 quite a bit lately. My current topology has 16 routers, some serving as Frame Relay routers, others as SP backbone routers, and others as switches via the NM-16ESW module. I found it easier to logically separate the connections to routers from the connections to other switches by using two EtherSwitch modules. I used the first one (Fa1/0 – 15) to connect to routers, and the second one (Fa2/0 – 15) to connect to the other switches. For some reason, I could never get the switches to talk to each other.
