06-Port isolation configuration
Port isolation lets you isolate Layer 2 traffic for data privacy and security without using VLANs. You can also use this feature to isolate the hosts in a VLAN from one another.
The device supports only one isolation group that is created automatically by the system as isolation group 1. You can neither remove the isolation group nor create other isolation groups on the device.
The number of ports assigned to the isolation group is not limited.
Within the same VLAN, ports in the isolation group and ports outside the isolation group can exchange Layer 2 traffic.
Assigning ports to the isolation group

Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view or port group view. | · Enter Layer 2 Ethernet interface view: · Enter Layer 2 aggregate interface view: · Enter port group view: | Use one of the commands. · In Layer 2 Ethernet interface view, configurations apply only to the port. · In Layer 2 aggregate interface view, configurations apply to the Layer 2 aggregate interface and all its member ports. · In port group view, configurations apply to all ports in the port group. |
3. Assign the ports to the isolation group. | port-isolate enable | No ports are assigned to the isolation group by default. |

NOTE: After you configure a command on a Layer 2 aggregate interface, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.
Displaying and maintaining the isolation group

Task | Command | Remarks |
---|---|---|
Display isolation group information. | display port-isolate group [ \| { begin \| exclude \| include } regular-expression ] | Available in any view. |

Port isolation configuration example
Network requirements
As shown in Figure 1, GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 are in the same VLAN.
Configure the device to provide Internet access for LAN users Host A, Host B, and Host C, and isolate them from one another at Layer 2.
Configuration procedure
# Assign ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to the isolation group.
<Device> system-view
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] port-isolate enable
[Device-GigabitEthernet1/0/1] quit
[Device] interface gigabitethernet 1/0/2
[Device-GigabitEthernet1/0/2] port-isolate enable
[Device-GigabitEthernet1/0/2] quit
[Device] interface gigabitethernet 1/0/3
[Device-GigabitEthernet1/0/3] port-isolate enable
# Display information about the isolation group.
<Device> display port-isolate group
Port-isolate group information:
Uplink port support: NO
Group ID: 1
Group members:
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
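
The following added example (not part of the vendor guide) audits the `display port-isolate group` output above against the intended design: every host port must be a group member, and the port left outside the group for Internet access must not be. The function names are hypothetical, the output format is assumed to match the sample on this page, and treating GigabitEthernet 1/0/4 as the non-isolated port is an inference from the example, since Figure 1 is not reproduced here.

```python
import re

# Output of "display port-isolate group", copied from the example on this page.
# Assumption: real device output follows this same layout.
SAMPLE_OUTPUT = """\
 Port-isolate group information:
 Uplink port support: NO
 Group ID: 1
 Group members:
    GigabitEthernet1/0/1    GigabitEthernet1/0/2    GigabitEthernet1/0/3
"""

def normalize(name):
    """Canonical port name: 'GigabitEthernet 1/0/1' -> 'gigabitethernet1/0/1'."""
    return re.sub(r"\s+", "", name).lower()

def parse_isolation_group(output):
    """Return (group_id, uplink_supported, set of normalized member ports)."""
    group_id, uplink, members, in_members = None, None, set(), False
    for line in output.splitlines():
        line = line.strip()
        if in_members and line:
            members.update(normalize(tok) for tok in line.split())
        elif line.lower().startswith("uplink port support:"):
            uplink = line.split(":", 1)[1].strip().upper() == "YES"
        elif line.lower().startswith("group id:"):
            group_id = int(line.split(":", 1)[1])
        elif line.lower().startswith("group members:"):
            in_members = True
    return group_id, uplink, members

def audit(output, must_isolate, must_not_isolate):
    """Return (missing, misplaced).

    missing:   host ports that should be isolated but are not in the group.
    misplaced: ports that must stay reachable but were added to the group.
    """
    _, _, members = parse_isolation_group(output)
    missing = sorted({normalize(p) for p in must_isolate} - members)
    misplaced = sorted({normalize(p) for p in must_not_isolate} & members)
    return missing, misplaced

if __name__ == "__main__":
    hosts = ["GigabitEthernet 1/0/1", "GigabitEthernet 1/0/2", "GigabitEthernet 1/0/3"]
    print(audit(SAMPLE_OUTPUT, hosts, ["GigabitEthernet 1/0/4"]))
```

A non-empty `missing` list means a host port can still reach its neighbours at Layer 2; a non-empty `misplaced` list means the isolated hosts have lost their path through that port.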