Some applications require that no traffic be forwarded at Layer 2 between ports on the same switch so that one neighbor does not see the traffic generated by another neighbor. In such an environment, the use of the Private VLAN (PVLAN) Edge feature, also known as protected ports, ensures that there is no exchange of unicast, broadcast, or multicast traffic between these ports on the switch (Figure 1).
The PVLAN Edge feature has the following characteristics:
- A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port, except for control traffic. Data traffic cannot be forwarded between protected ports at Layer 2.
- Forwarding behavior between a protected port and a nonprotected port proceeds as usual.
- Protected ports must be manually configured.
To configure the PVLAN Edge feature, enter the switchport protected command in interface configuration mode (Figure 2). To disable a protected port, use the no switchport protected interface configuration mode command. To verify the configuration of the PVLAN Edge feature, use the show interfaces interface-id switchport global configuration mode command.
Use the Syntax Checker in Figure 3 to configure the PVLAN Edge feature on interface G0/1 and verify the configuration.
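The forwarding rules listed above can also be checked offline against a saved configuration. The following is an added example, not part of the original page or of any Cisco tool: it parses a constructed running-config excerpt, records which interfaces carry switchport protected, and applies the protected-to-protected rule. The function names and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample running-config excerpt (not from the original page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport protected
!
interface GigabitEthernet0/2
 switchport mode access
 switchport protected
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/24
 switchport mode trunk
!
"""

def protected_ports(config):
    """Map each interface name to True if 'switchport protected' is in effect."""
    state, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            state[current] = False  # protected ports must be manually configured
        elif current and line.startswith(" "):
            cmd = line.strip()
            if cmd == "switchport protected":
                state[current] = True
            elif cmd == "no switchport protected":
                state[current] = False
        else:
            current = None  # '!' or a global command ends the interface block
    return state

def l2_data_forwarded(state, src, dst):
    """Data traffic is blocked only between two protected ports (control traffic not modeled)."""
    return not (state[src] and state[dst])

def unprotected(state):
    """Interfaces to review because PVLAN Edge isolation is not enabled on them."""
    return sorted(port for port, is_protected in state.items() if not is_protected)

if __name__ == "__main__":
    ports = protected_ports(SAMPLE_CONFIG)
    print(unprotected(ports))
```

The list returned by unprotected() will normally include uplinks and other ports that are meant to stay nonprotected, so it is a review list rather than a list of findings.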