We have turned on Protected Ports feature on two switches (PowerConnect 6248). All is working as expected (our goal was to separate ports, see more on http://en.community.dell.com/support-forums/network-switches/f/866/t/19518231.aspx), but there is unexpected strange behavior.
The sub-switches which are directly connected to PowerConnect learns some (but not all) MAC addresses from devices which are connected to different PowerConnect ports.
Our network is as follows:
PCs are connected to 3Com and DLink switches. 3Com and DLink switches mainly are direct connected to PowerConnect. We have two separate PowerConnect switches. PCs groups on 3Com and DLink switches should not see each other (they should be completely separated).
On PowerConnectA
(PC1, PC2, PC3) --- 3COM switch1 --- PowerConnectA g1
(PC4, PC5, PC6) --- 3COM switch2 --- PowerConnectA g2
On PowerConnectB
(PC7, PC8, PC9) --- DLink switch1 --- PowerConnectB g1
(PC10, PC11, PC12) --- DLink switch2--- PowerConnectB g2
(PC13, PC14, PC15) --- DLink switch3 --- DLink switch4 g1 --- PowerConnectB g3
(PC16, PC17, PC18) --- DLink switch5 --- DLink switch4 g2 --- PowerConnectB g3
On DLink switch4 also Private VLAN Edge feature is turned on.
PCs from one group can not PING PCs from another group (for example PC1 can PING PC2, but can not PING PC4). 3Com switch1 can not PING 3Com switch2. All - as expected.
BUT... For some unknown reason 3Com switch1 on up-link port has learned PC4 MAC and PC5 MAC (despite PowerConnectA g1 should not see PowerConnectA g2 MACs). The same problem exists on 3Com switch2, DLink switch1 and DLink switch2 up-link ports.
We have done a lot of testing and it seems like a bug.
Buy the way if we look at this configuration:
(PC13, PC14, PC15) --- DLink switch3 --- DLink switch4 g1 --- PowerConnectB g3
(PC16, PC17, PC18) --- DLink switch5 --- DLink switch4 g2 --- PowerConnectB g3
where another DLink switch4 is in between with Private VLAN Edge feature for every down-link port turned on, there is no such problem. DLink switch2 up-link port has not learned any of PC13, PC14, PC15, PC16, PC17, PC18 MACs. But DLink switch2 has learned PC7 MAC (!), which comes from PowerConnectB g1 port.