Embodiments for a method of implementing multiple domains in a network switching device are disclosed. The method includes assigning a plurality of hardware ports to a plurality of domains. Ports are assigned to at least two of the plurality of domains, and none of the ports are concurrently assigned to multiple domains. The method also includes loading rules for forwarding packets between the plurality of ports into a data plane. The rules direct the data plane to forward only between ports in a common domain of the plurality of domains. The method also includes assuring that a packet received at any port assigned to a first domain is not sent in legible form from any port assigned to a second domain if an error causes the data plane to forward or request forwarding the packet to any port assigned to a second domain.