Port isolation for restricting traffic flow on layer 2 switches
First Claim
1. A method for isolating a plurality of ports on a layer 2 switch, comprising:
- configuring each of said plurality of ports by a user on said layer 2 switch as a protected port or a non-protected port;
matching a destination address on a data packet with a physical address on said layer 2 switch, said data packet received by an ingress port;
generating a forwarding map for said data packet based upon said destination address on said data packet; and
sending said data packet to said plurality of ports pursuant to said forwarding map.
1 Assignment
0 Petitions
Accused Products
Abstract
This invention provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having said plurality of ports, each port configured as a protected port or a non-protected port. An address table memory stores an address table having a destination address and port number pair. A forwarding map generator generates a forwarding map which is responsive to a destination address of a data packet. The method for isolating ports on a layer 2 switch comprises configuring each of the ports on the layer 2 switch as a protected port or a non-protected port. A destination address on an data packet is matched with a physical address on said layer 2 switch and a forwarding map is generated for the data packet based upon the destination address on the data packet. The data packet is then sent to the plurality of ports pursuant to the forwarding map generated based upon whether the ingress port was configured as a protected or nonprotected port.
-
Citations
2 Claims
-
1. A method for isolating a plurality of ports on a layer 2 switch, comprising:
-
configuring each of said plurality of ports by a user on said layer 2 switch as a protected port or a non-protected port;
matching a destination address on a data packet with a physical address on said layer 2 switch, said data packet received by an ingress port;
generating a forwarding map for said data packet based upon said destination address on said data packet; and
sending said data packet to said plurality of ports pursuant to said forwarding map.
-
-
2-27. -27. (canceled)
Specification