Traffic Segmentation-Protected Port
The protected port is a feature that does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port. However, a protected port can communicate with an unprotected port and vice-versa.
Protected port(isolated) to protected port(isolated) - communication is not allowed.
Protected port(isolated) to protected port(community) - communication is not allowed.
Protected port(isolated) to protected port(promiscuous) - communication is allowed.
Protected port(community) to protected port(community) - communication is allowed.
Protected port(community) to protected port(promiscuous) - communication is allowed.
Protected port(promiscuous) to protected port(promiscuous) - communication is allowed.
Unprotected port to protected port(any type) - communication is allowed.
The protected port configuration is local to the switch. This information is not propagated outside the switch. Protected ports on different switches can still communicate with each other.
The use of protected ports ensures that no unicast, broadcast, or multicast data traffic is exchanged between protected ports on the same switch, so that one neighbor does not see the traffic generated by another neighbor.
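The rule list above can be checked against a switch's running configuration. The following is an added example, not part of the OcNOS guide: it parses interface stanzas in the show running-config format, reports the port pairs the rules block, and lists unprotected ports, which can reach every protected port. The ports xe3 and xe4, the function names, and the spelling of the community keyword are assumptions.

```python
import re
from itertools import combinations
# Constructed sample in the `show running-config interface` format shown on
# this page; xe3 and xe4 are hypothetical ports added for illustration.
SAMPLE_CONFIG = """\
interface xe1
switchport
switchport protected isolated
!
interface xe2
switchport
switchport protected promiscuous
!
interface xe3
switchport
switchport protected isolated
!
interface xe4
switchport
!
"""

# Mode pairs the rule list blocks; every other combination is allowed.
BLOCKED = {frozenset({"isolated"}), frozenset({"isolated", "community"})}
# Only the isolated and promiscuous keywords appear in the page's commands;
# the spelling of "community" here is an assumption taken from the rule list.
MODE_RE = re.compile(r"switchport protected (isolated|community|promiscuous)")

def parse_modes(config):
    """Map interface name -> protected mode (None means unprotected)."""
    modes, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split()[1]
            modes[current] = None
        elif current and (m := MODE_RE.fullmatch(line)):
            modes[current] = m.group(1)
    return modes

def can_communicate(a, b):
    """Apply the rule list to two modes; None is an unprotected port."""
    return a is None or b is None or frozenset({a, b}) not in BLOCKED

def audit(modes):
    """Return (blocked port pairs, unprotected ports that bypass isolation)."""
    blocked = [(p, q) for p, q in combinations(sorted(modes), 2)
               if not can_communicate(modes[p], modes[q])]
    unprotected = sorted(p for p, m in modes.items() if m is None)
    return blocked, unprotected
```

Calling audit(parse_modes(SAMPLE_CONFIG)) on the constructed sample reports xe1 and xe3 as the only blocked pair and xe4 as an unprotected port.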
Topology
Figure 11-25 displays Traffic Segmentation-Protected Port Topology
Traffic Segmentation-Protected Port Topology
Isolated-Promiscuous Configuration
RTR1
Bridge Configuration:
 
#configure terminal
Enter configure mode.
(config)#bridge 1 protocol ieee vlan-bridge
Configure bridge
(config)#commit
Commit candidate configuration to be running configuration
VLAN Configuration:
 
#configure terminal
Enter configure mode.
(config)#vlan database
Enter into the vlan database
(config-vlan)# vlan 30 bridge 1 state enable
Configure vlan 30 to bridge 1
(config-vlan)#commit
Commit candidate configuration to be running configuration
(config-vlan)#exit
Exit from the vlan database.
(config)#int xe1
Enter interface configuration mode for xe1
(config-if)#switchport
Configure switchport
(config-if)#bridge-group 1
Associate interface with bridge-group 1
(config-if)#switchport mode trunk
Set the switching characteristics of this interface as trunk
(config-if)#switchport trunk allowed vlan add 30
Configure vlan 30
(config-if)#switchport protected isolated
Configure interface as isolated port
(config-if)#commit
Commit candidate configuration to be running configuration
(config-if)#exit
Exit from interface
(config)#int xe2
Enter interface configuration mode for xe2
(config-if)#switchport
Configure switchport
(config-if)#bridge-group 1
Associate interface with bridge-group 1
(config-if)#switchport mode trunk
Set the switching characteristics of this interface as trunk
(config-if)#switchport trunk allowed vlan add 30
Configure vlan 30
(config-if)#switchport protected promiscuous
Configure interface as promiscuous port
(config-if)#exit
Exit from interface mode
(config)#commit
Commit the candidate configuration on the node.
Validation
RTR1
#show running-config interface xe1
!
interface xe1
switchport
switchport protected isolated
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan add 30
!
#show running-config interface xe2
!
interface xe2
switchport
switchport protected promiscuous
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan add 30
 
#show interface xe1
Interface xe1
Flexport: Non Control Port (Active)
Hardware is ETH Current HW addr: 80a2.353f.edb7
Physical:80a2.353f.edb7 Logical:(not set)
Forward Error Correction (FEC) configured is Auto (default)
FEC status is N/A
Port Mode is trunk
Protected Mode is Isolated
Interface index: 5001
Metric 1 mtu 1500 duplex-full link-speed 10g
Debounce timer: disable
<UP,BROADCAST,RUNNING,MULTICAST>
VRF Binding: Not bound
Label switching is disabled
No Virtual Circuit configured
Administrative Group(s): None
Bandwidth 10g
DHCP client is disabled.
Last Flapped: 2022 Jan 06 13:13:42 (00:24:53 ago)
Statistics last cleared: 2022 Jan 06 13:13:42 (00:24:53 ago)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 256 bits/sec, 0 packets/sec
RX
unicast packets 0 multicast packets 7 broadcast packets 0
input packets 7 bytes 814
jumbo packets 0
undersize 0 oversize 0 CRC 0 fragments 0 jabbers 0
input error 0
input with dribble 0 input discard 7
Rx pause 0
TX
unicast packets 0 multicast packets 749 broadcast packets 0
output packets 749 bytes 47944
jumbo packets 0
output errors 0 collision 0 deferred 0 late collision 0
output discard 0
Tx pause 0
 
#show interface xe2
Interface xe2
Flexport: Non Control Port (Active)
Hardware is ETH Current HW addr: 80a2.353f.edb9
Physical:80a2.353f.edb9 Logical:(not set)
Forward Error Correction (FEC) configured is Auto (default)
FEC status is N/A
Port Mode is trunk
Protected Mode is Promiscuous
Interface index: 5003
Metric 1 mtu 1500 duplex-full link-speed 10g
Debounce timer: disable
<UP,BROADCAST,RUNNING,MULTICAST>
VRF Binding: Not bound
Label switching is disabled
No Virtual Circuit configured
Administrative Group(s): None
Bandwidth 10g
DHCP client is disabled.
Last Flapped: Never
Statistics last cleared: 2022 Jan 06 13:15:32 (00:23:52 ago)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
RX
unicast packets 0 multicast packets 0 broadcast packets 0
input packets 0 bytes 0
jumbo packets 0
undersize 0 oversize 0 CRC 0 fragments 0 jabbers 0
input error 0
input with dribble 0 input discard 0
Rx pause 0
TX
unicast packets 0 multicast packets 4569 broadcast packets 0
input packets 4569 bytes 327802
jumbo packets 0
output errors 0 collision 0 deferred 0 late collision 0
output discard 0
Tx pause 0
Send the VLAN 30 tagged traffic from traffic 1 to traffic 2:
#show interface counters rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
Xe1 100.01 20 0.00 0
Xe2 0.00 0 100.01 20
 
 
Send the VLAN 30 tagged traffic from traffic 1 to traffic 2:
#show interface counters rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
Xe1 0.00 20 100.00 0
Xe2 100.00 0 0.00 20
Isolated-Isolated Configuration
RTR1
Bridge Configuration:
 
#configure terminal
Enter configure mode.
(config)#bridge 1 protocol ieee vlan-bridge
Configure bridge
(config)#commit
Commit candidate configuration to be running configuration
VLAN Configuration:
 
#configure terminal
Enter configure mode.
(config)#vlan database
Enter into the vlan database
(config-vlan)# vlan 30 bridge 1 state enable
Configure vlan 30 to bridge 1
(config-vlan)#commit
Commit candidate configuration to be running configuration
(config-vlan)#exit
Exit from the vlan database.
(config)#int xe1
Enter interface configuration mode for xe1
(config-if)#switchport
Configure switchport
(config-if)#bridge-group 1
Associate interface with bridge-group 1
(config-if)#switchport mode trunk
Set the switching characteristics of this interface as trunk
(config-if)#switchport trunk allowed vlan add 30
Configure vlan 30
(config-if)#switchport protected isolated
Configure interface as isolated port
(config-if)#commit
Commit candidate configuration to be running configuration
(config-if)#exit
Exit from interface
(config)#int xe2
Enter interface configuration mode for xe2
(config-if)#switchport
Configure switchport
(config-if)#bridge-group 1
Associate interface with bridge-group 1
(config-if)#switchport mode trunk
Set the switching characteristics of this interface as trunk
(config-if)#switchport trunk allowed vlan add 30
Configure vlan 30
(config-if)#switchport protected isolated
Configure interface as isolated port
(config-if)#exit
Exit from interface mode
(config)#commit
Commit the candidate configuration on the node.
Validation
RTR1
#show running-config interface xe1
!
interface xe1
switchport
switchport protected isolated
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan add 30
!
#show running-config interface xe2
!
interface xe2
switchport
switchport protected isolated
bridge-group 1
switchport mode trunk
switchport trunk allowed vlan add 30
 
#show interface xe1
Interface xe1
Flexport: Non Control Port (Active)
Hardware is ETH Current HW addr: 80a2.353f.edb7
Physical:80a2.353f.edb7 Logical:(not set)
Forward Error Correction (FEC) configured is Auto (default)
FEC status is N/A
Port Mode is trunk
Protected Mode is Isolated
Interface index: 5001
Metric 1 mtu 1500 duplex-full link-speed 10g
Debounce timer: disable
<UP,BROADCAST,RUNNING,MULTICAST>
VRF Binding: Not bound
Label switching is disabled
No Virtual Circuit configured
Administrative Group(s): None
Bandwidth 10g
DHCP client is disabled.
Last Flapped: 2022 Jan 06 13:13:42 (00:24:53 ago)
Statistics last cleared: 2022 Jan 06 13:13:42 (00:24:53 ago)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 256 bits/sec, 0 packets/sec
RX
unicast packets 0 multicast packets 7 broadcast packets 0
input packets 7 bytes 814
jumbo packets 0
undersize 0 oversize 0 CRC 0 fragments 0 jabbers 0
input error 0
input with dribble 0 input discard 7
Rx pause 0
TX
unicast packets 0 multicast packets 749 broadcast packets 0
output packets 749 bytes 47944
jumbo packets 0
output errors 0 collision 0 deferred 0 late collision 0
output discard 0
Tx pause 0
 
#show interface xe2
Interface xe2
Flexport: Non Control Port (Active)
Hardware is ETH Current HW addr: 80a2.353f.edb9
Physical:80a2.353f.edb9 Logical:(not set)
Forward Error Correction (FEC) configured is Auto (default)
FEC status is N/A
Port Mode is trunk
Protected Mode is Isolated
Interface index: 5003
Metric 1 mtu 1500 duplex-full link-speed 10g
Debounce timer: disable
<UP,BROADCAST,RUNNING,MULTICAST>
VRF Binding: Not bound
Label switching is disabled
No Virtual Circuit configured
Administrative Group(s): None
Bandwidth 10g
DHCP client is disabled.
Last Flapped: Never
Statistics last cleared: 2022 Jan 06 13:15:32 (00:23:52 ago)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
RX
unicast packets 0 multicast packets 0 broadcast packets 0
input packets 0 bytes 0
jumbo packets 0
undersize 0 oversize 0 CRC 0 fragments 0 jabbers 0
input error 0
input with dribble 0 input discard 0
Rx pause 0
TX
unicast packets 0 multicast packets 0 broadcast packets 0
output packets 0 bytes 0
jumbo packets 0
output errors 0 collision 0 deferred 0 late collision 0
output discard 0
Tx pause 0
 
Send the VLAN 30 tagged traffic from traffic 1 to traffic 2:
#show interface counters rate mbps
+-------------------+--------------+-------------+--------------+-------------+
| Interface | Rx mbps | Rx pps | Tx mbps | Tx pps |
+-------------------+--------------+-------------+--------------+-------------+
Xe1 100.01 20 0.00 0
Xe2 0.00 0 0.00 0