Example 145 Verifying Protected Ports

3550_switch#show interfaces fast 0/7 switchport

Name: Fa0/7
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 100 (psv2_vlan100)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Protected: true
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Voice VLAN: none (Inactive)
Appliance trust: none

The Catalyst 3550 switch floods packets with unknown destination MAC addresses to all ports by default. If unknown unicast and multicast traffic is forwarded to a protected port, there could be security issues. To prevent unknown unicast or multicast traffic from being forwarded from one port to another, you can configure a port (protected or nonprotected) to block unknown unicast or multicast packets. Use the following interface commands to block unknown unicast and multicast traffic:

3550_switch(config-if)#switchport block unicast
3550_switch(config-if)#switchport block multicast

If unicast or multicast blocking is enabled, it would appear in the show switchport command output as enabled, rather than disabled as listed in the preceding example.
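The check described above can be automated across many ports. The following is an added example, not from the original text: it parses `show interfaces switchport` output and reports protected ports where unknown unicast or multicast flooding is still allowed. The sample output is constructed (Fa0/7 mirrors the example above, Fa0/8 is a made-up port), and the function names are hypothetical.

```python
import re

# Constructed sample: Fa0/7 mirrors the page's example output;
# Fa0/8 is a made-up port with both blocking options enabled.
SAMPLE = """\
Name: Fa0/7
Switchport: Enabled
Access Mode VLAN: 100 (psv2_vlan100)
Protected: true
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

Name: Fa0/8
Switchport: Enabled
Access Mode VLAN: 100 (psv2_vlan100)
Protected: true
Unknown unicast blocked: enabled
Unknown multicast blocked: enabled
"""

FIELD = re.compile(r"^\s*([^:]+):\s*(.*?)\s*$")

def parse_switchport(text):
    """Return one dict of field -> value per interface; a 'Name:' line starts a new one."""
    ports, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and anything that is not 'key: value'
        key, value = m.group(1).strip(), m.group(2)
        if key == "Name":
            current = {"Name": value}
            ports.append(current)
        elif current is not None:
            current[key] = value
    return ports

def audit(ports):
    """Return (port, missing_command) pairs for protected ports that still get flooded traffic."""
    checks = (("Unknown unicast blocked", "switchport block unicast"),
              ("Unknown multicast blocked", "switchport block multicast"))
    findings = []
    for p in ports:
        if p.get("Protected", "").lower() != "true":
            continue  # only protected ports are in scope for this check
        for field, cmd in checks:
            # A missing field is treated as not blocked, so it is reported too.
            if p.get(field, "disabled").lower() != "enabled":
                findings.append((p["Name"], cmd))
    return findings

if __name__ == "__main__":
    for name, cmd in audit(parse_switchport(SAMPLE)):
        print(f"{name}: protected, but flooding allowed; missing '{cmd}'")
```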
