We have two computers, one switch and one server. Everything is in one VLAN, and the two computers and the server can all communicate with each other.
For security reasons we have to block Computer A and Computer B from communicating with each other, while both Computer A and Computer B must still be able to communicate with the server. In such a scenario we can use protected ports. By default, all ports are unprotected ports.
"After enabling protected ports, the ports we configured as protected ports can't communicate with each other. Protected ports can communicate with unprotected ports."
Simply put:
Protected port <--> Unprotected = working
Protected port <--> Protected port = not working
Configuration
Switch(config)#interface <Interface Name>
Switch(config-if)#switchport protected
Switch(config-if)#end
Configure the "switchport protected" command on both interfaces where Computer A and Computer B are connected. The interfaces connected to Computer A and Computer B are then protected, while the interface connected to the server is still unprotected. You can verify that protected ports are working by pinging between the hosts. We can also verify it with the show commands below:
#show interfaces <Interface Name> switchport
#show interfaces <Interface Name> switchport | include Protected
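The ping test only proves the ports you happened to test. As an added example (not part of the original post), this Python script audits captured `show interfaces switchport` output against the rule above and flags the common mistake of protecting only one of the two client ports. The interface names, the choice of Fa0/24 as the server port and the trimmed sample output are assumptions made for the illustration.

```python
import re
from itertools import combinations

# Constructed sample of `show interfaces switchport` output, trimmed to the
# fields used here. Fa0/2 was left unprotected on purpose (assumed mistake).
SAMPLE = """\
Name: Fa0/1
Access Mode VLAN: 1 (default)
Protected: true

Name: Fa0/2
Access Mode VLAN: 1 (default)
Protected: false

Name: Fa0/24
Access Mode VLAN: 1 (default)
Protected: false
"""

def parse_switchport(text):
    """Return {interface: {"vlan": int or None, "protected": bool}}."""
    ports, name = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Name":
            name = value
            ports[name] = {"vlan": None, "protected": False}
        elif name and key == "Access Mode VLAN":
            m = re.match(r"\d+", value)
            ports[name]["vlan"] = int(m.group()) if m else None
        elif name and key == "Protected":
            ports[name]["protected"] = value.lower() == "true"
    return ports

def can_talk(a, b):
    """Rule from the post: same VLAN, and not both ports protected."""
    return a["vlan"] == b["vlan"] and not (a["protected"] and b["protected"])

def audit(ports, clients, server):
    """Return findings where the intended isolation is not in effect."""
    findings = []
    for x, y in combinations(clients, 2):
        if can_talk(ports[x], ports[y]):
            findings.append(f"{x} and {y} can still reach each other")
    for c in clients:
        if not can_talk(ports[c], ports[server]):
            findings.append(f"{c} cannot reach {server}")
    return findings
```

Run `audit(parse_switchport(SAMPLE), ["Fa0/1", "Fa0/2"], "Fa0/24")` against output from each switch separately, since the protected setting only affects forwarding between ports on the same switch.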
nice :))
Very useful.. I will try same scenario
great