Through the port isolation feature, you can
add the ports to be controlled into an isolation group to isolate the Layer 2
and Layer 3 data between each port in the isolation group. Thus, you can construct
your network in a more flexible way and improve your network security.
Currently, an S3100-52P Ethernet Switch
supports only one isolation group, but does not limit the number of Ethernet
ports in the unique isolation group.
Port isolation is independent
of VLAN configuration.
1.2 Port Isolation Configuration
You can perform the following operations to
add individual Ethernet ports to the isolation group, thus isolating Layer 2 and
Layer 3 data between each port in the isolation group.
Table 1-1 Configure port isolation
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enter Ethernet port view
|
interface interface-type interface-number
|
—
|
|
Add the Ethernet port to the isolation
group
|
port isolate
|
Required
By default, an isolation group contains
no port.
|
When the port
isolate command or the undo port isolate command is executed on a
member port of an aggregation group, the other ports in the same aggregation
group on the local device will be added to or removed from the isolation group together
at the same time.
1.3 Displaying Port Isolation Configuration
After the above configuration, you can execute
the display command in any view to display the result of your port
isolation configuration, thus verifying your configuration.
Table 1-2 Display
port isolation configuration
|
Operation
|
Command
|
Description
|
|
Display information about the Ethernet
ports added to the isolation group
|
display isolate port
|
You can execute the display
command in any view.
|
I. Network requirements
l
PC2, PC3 and PC4 connect to the switch ports Ethernet1/0/2,
Ethernet1/0/3, and Ethernet1/0/4 respectively.
l
The switch connects to the Internet through
Ethernet1/0/1.
l
It is desired that PC2, PC3 and PC4 are isolated
from each other so that they cannot communicate with each other.
II. Network diagram
Figure 1-1 Network diagram for port isolation
configuration
III. Configuration procedure
# Add
Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 to the isolation group.
<H3C>
system-view
System
View: return to User View with Ctrl+Z.
[H3C]
interface ethernet1/0/2
[H3C-Ethernet1/0/2]
port isolate
[H3C-Ethernet1/0/2] quit
[H3C] interface ethernet1/0/3
[H3C-Ethernet1/0/3] port isolate
[H3C-Ethernet1/0/3] quit
[H3C] interface ethernet1/0/4
[H3C-Ethernet1/0/4] port isolate
[H3C-Ethernet1/0/4] quit
[H3C] quit
# Display information about the ports in
the isolation group.
<H3C> display isolate port
Isolated port(s) on UNIT 1:
Ethernet1/0/2, Ethernet1/0/3,
Ethernet1/0/4
