Controlling user to user traffic

The Ethernet protocol was designed to allow direct user-to-user layer 2 communication whenever both users sit in a common broadcast domain. In an untrusted domain there may be a requirement to prevent users in the same broadcast domain from communicating with each other. This is achieved using a feature called private VLAN, or PVLAN, sometimes also referred to as the protected port feature. The feature disables direct layer 2 communication between protected ports and, if it is applied to a trunk interface, between the VLANs carried on that trunk. The only communication still allowed is with the router port, so that user traffic can leave the LAN. PVLAN prevents any sniffing of ...
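As an added configuration example (not taken from the book), this is how the protected-port form of the feature is applied on a Cisco IOS access switch: the user-facing ports are marked protected while the router-facing port is left unprotected, so users can reach the router but not each other. The hostname, interface numbers and VLAN 10 are assumptions chosen for illustration.

```cisco
! Added example; hostname, interface numbers and VLAN 10 are assumptions.
hostname ACCESS-SW1
!
! User-facing ports: no direct layer 2 forwarding between any two of them.
interface range GigabitEthernet1/0/1 - 24
 description User ports (untrusted)
 switchport mode access
 switchport access vlan 10
 switchport protected
!
! Router-facing port: left unprotected so user traffic can still leave the LAN.
interface GigabitEthernet1/0/48
 description Uplink to router
 switchport mode access
 switchport access vlan 10
 no switchport protected
!
end
```

After applying it, `show interfaces GigabitEthernet1/0/1 switchport` should report `Protected: true` for each user port and `Protected: false` for the uplink. Note that the protected-port setting is local to one switch: it blocks traffic only between protected ports on the same device, so two users attached to different access switches in the same VLAN are not isolated by this setting alone.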

Get Implementing Cisco Networking Solutions now with O’Reilly online learning.
