Switchport protected – Allied Telesis AT-S95 CLI (AT-8000GS Series) User Manual

VLAN Commands

Page 347

Example

The following example gives VLAN number 19 the name Marketing.

switchport protected

The switchport protected Interface Configuration mode command enables Private VLAN Edge, by overriding the
FDB decision, and sends all Unicast, Multicast and Broadcast traffic to an uplink port. Use the no form of this
command to disable overriding the FDB decisiond.

Syntax

switchport protected {ethernet port | port-channel port-channel-number }

no switchport protected

Parameters
•

port— Specifies the uplink Ethernet port.

•

port-channel-number — Specifies the uplink port-channel.

Default Configuration

Switchport protected is disabled.

Command Mode

Interface Configuration (Ethernet, port-channel) mode

User Guidelines

Private VLAN Edge (PVE) supports private communication by isolating PVE-defined ports and ensuring that all
Unicast, Broadcast and Multicast traffic from these ports is only forwarded to uplink port(s).

PVE requires only one VLAN on each device, but not on every port; this reduces the number of VLANs required
by the device. Private VLANs and the default VLAN function simultaneously in the same device.

The uplink must be a GE port.

Example

This example configures ethernet port 1/g8 as a protected port, so that all traffic is sent to its uplink (ethernet port
1/g9).

console(config)# interface vlan 19

console(config-if)# name Marketing

console(config)# interface ethernet 1/g8

console(config-if)# switchport forbidden vlan add 234-256

console(config-if)# exit

console(config)# interface ethernet 1/g9

console(config-if)# switchport protected ethernet 1/g1