[c-nsp] Switchport protected trunk links

Keegan Holley keegan.holley at sungard.com
Wed Apr 13 04:52:40 EDT 2011


On Tue, Apr 12, 2011 at 2:47 PM, Adam Piasecki
<apiasecki at midatlanticbb.com>wrote:

> If i have switch with two trunk ports. I want to switchport protect both
> the trunk links.. I have another trunk port for the uplink.
>

It's kind of hard to answer without any background info.  It seems like you
want to keep traffic coming in one trunk link from going out another if I
had to guess.  I've never used sw protect on a trunk link.  Assuming it's
supported I would be concerned with blocking spanning-tree bpdu's and other
control traffic.  There could also be additional issues based on your
topology.

>
> However, i only want to switch port protect a certain vlan on the trunk
> ports, for example. VLAN 32 is on both of the remote switches at the other
> end of the trunk port.. Vlan32 would be protected between the trunk ports on
> the main switch and all other vlans would be able to pass.
>

you would need private vlans to do something like this.  Even then it
wouldn't be clean and only supported on certain platforms. Sw protect is
only at the port level though.

>
> I don't think Cisco has a solution for this right now. I think i have to
> create two separate vlans (vlan 32,vlan 33) on the two switches connected to
> the trunk ports.
>
> I wish there was a command like.. "switchport protect vlan 32"
>

You could do vlan acl's depending on what you're trying to accomplish.


More information about the cisco-nsp mailing list