I have 2 1234 switches linked together and I've applied port protection to all 24 10/100 ports, including the additional four gig ports, for both switches. I cannot ping a device on a 10/100 port when I'm connected via a 10/100 port (I'm assuming because port protection is enabled); however, when I plug into a gig port (which is port enabled), I can ping devices on 10/100 ports. How is this possible and what is the best solution to prevent devices from seeing each other? Thanks in advance.
After troubleshooting with you on the ADTRAN Technical Support ticket you created, we verified that the reason you could ping protected ports from the gigabit ports was because the gigabit ports were configured in trunk mode (this is different than the configuration you attached above).
Switchport protected only works for ports that are set to access mode. It is not possible to protect a port that is configured for trunking. Also, when in access mode, a protected port will only communicate with an unprotected port in the same VLAN.
I went ahead and marked this post as "assumed answered." Feel free to mark any correct or helpful answers from this post. If you still need assistance with this issue I would be more than happy to help, just let me know in a reply.
Levi
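The rules in the answer above can be checked against a saved configuration before relying on port isolation. The following is an added example, not part of the original thread or ADTRAN's documentation: the sample configuration is constructed, the stanza and command spelling are assumed AOS-style syntax, and the helper names and the VLAN 1 default are hypothetical.

```python
import re

# Constructed sample; stanza and command spelling are assumed AOS-style syntax.
SAMPLE = """\
interface switchport 0/1
  switchport access vlan 10
  switchport protected
!
interface switchport 0/2
  switchport access vlan 10
  switchport protected
!
interface gigabit-switchport 0/25
  switchport mode trunk
  switchport protected
!
interface gigabit-switchport 0/26
  switchport access vlan 10
!
"""

def parse_ports(config):
    """Return {port: {'mode', 'vlan', 'protected'}} for each switchport stanza."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S*switchport \S+)$", line)
        if m:  # defaults: access mode (per the thread); VLAN 1 is an assumption
            cur = ports[m.group(1)] = {"mode": "access", "vlan": 1, "protected": False}
        elif line == "!":
            cur = None
        elif cur is not None and line.startswith("switchport mode "):
            cur["mode"] = line.split()[-1]
        elif cur is not None and line.startswith("switchport access vlan "):
            cur["vlan"] = int(line.split()[-1])
        elif cur is not None and line == "switchport protected":
            cur["protected"] = True
    return ports

def ineffective_protection(ports):
    """Trunk ports carrying 'switchport protected', which does nothing there."""
    return sorted(p for p, c in ports.items() if c["mode"] == "trunk" and c["protected"])

def can_talk(ports, a, b):
    """Layer-2 reachability under the thread's rules (no routing modelled)."""
    pa, pb = ports[a], ports[b]
    if "trunk" in (pa["mode"], pb["mode"]):
        return True   # trunk ports are not isolated; assumes the VLAN is carried
    if pa["vlan"] != pb["vlan"]:
        return False  # different access VLANs
    return not (pa["protected"] and pb["protected"])
```

Any port returned by `ineffective_protection` needs to be set to access mode before the protected setting will isolate it.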
clearman:
Thank you for asking this question in the Support Community. There are several reasons why this might be happening, but most likely I will need to see a copy of your configuration to assist you further. You can reply to this post and attach the configuration, but please remove any information that might be sensitive to your organization.
Note: the documents Configuring Port Isolation (Protected Ports) in AOS and Configuring Port Access Control in AOS provide detailed information about the topic of configuring and troubleshooting port isolation (protected ports).
Levi
Just a newbie, but I thought the Gig ports were in trunk mode by default. He would need to set them as access to be able to use Port Isolation in that manner.
Mike
Thank you for posting in the Support Community. I have one correction on your statement. The gigabit ports are not set to trunk mode by default. They are set to switchport access mode. However, you are correct that ports do need to be configured as switchport access mode for Port Isolation (protected ports) to function properly.
Levi
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi