08-Port Isolation Operation



Chapter 1  Port Isolation Configuration

1.1  Port Isolation Overview

1.1.1  Introduction to Port Isolation

The port isolation function lets you isolate ports from each other at Layer 2 by adding them to an isolation group. This improves network security and allows more flexible networking.

Currently, a device has only one isolation group. The number of Ethernet ports an isolation group can accommodate is not limited.

 

Note:

The port isolation function is independent of the VLANs to which the Ethernet ports belong.

 

1.1.2  Port Isolation and Port Aggregation

When a member port of an aggregation group is added to an isolation group, the other ports in the same aggregation group are added to the isolation group automatically.

1.2  Port Isolation Configuration

Table 1-1 lists the operations to add an Ethernet port to an isolation group.

Table 1-1 Configure port isolation

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | |
| Enter Ethernet port view | interface interface-type interface-num | |
| Add the Ethernet port to the isolation group | port isolate | Required. By default, an isolation group contains no port. |

 

1.3  Displaying Port Isolation

After the above configuration, you can execute the display command in any view to display the information about the Ethernet ports added to the isolation group.

Table 1-2 Display port isolation

| Operation | Command |
|---|---|
| Display the information about the Ethernet ports added to the isolation group. | display isolate port |

 

1.4  Port Isolation Configuration Example

I. Network requirements

- PC 2, PC 3 and PC 4 are connected to Ethernet1/0/2, Ethernet1/0/3 and Ethernet1/0/4 ports.
- The switch connects to the Internet through Ethernet1/0/1 port.
- It is desired that PC 2, PC 3 and PC 4 cannot communicate with each other.

II. Network diagram

Figure 1-1 Network diagram for port isolation configuration

III. Configuration procedure

# Add Ethernet1/0/2, Ethernet1/0/3 and Ethernet1/0/4 ports to the isolation group.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface ethernet1/0/2

[H3C-Ethernet1/0/2] port isolate

[H3C-Ethernet1/0/2] quit

[H3C] interface ethernet1/0/3

[H3C-Ethernet1/0/3] port isolate

[H3C-Ethernet1/0/3] quit

[H3C] interface ethernet1/0/4

[H3C-Ethernet1/0/4] port isolate

[H3C-Ethernet1/0/4] quit

[H3C]

# Display the information about the ports in the isolation group.

<H3C> display isolate port

Isolated port(s) on UNIT 1:

 Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4
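
The following is an added example, not part of the original manual or of H3C software: a Python check that parses `display isolate port` output and compares the isolation group with the intended policy from the example above (PC ports isolated, uplink Ethernet1/0/1 left outside the group so the PCs can still reach it). It assumes the output format shown on this page; that multi-unit devices repeat the `Isolated port(s) on UNIT n:` header and may wrap long port lists is an assumption, and the "drifted" sample is constructed.

```python
import re

# Header as printed in the page's sample output: "Isolated port(s) on UNIT 1:"
UNIT_HEADER = re.compile(r"^Isolated port\(s\) on UNIT (\d+):$")
# Port names in the page's form (Ethernet1/0/2); other interface types are an assumption.
PORT_NAME = re.compile(r"^[A-Za-z][A-Za-z-]*\d+/\d+/\d+$")

def parse_isolated_ports(output):
    """Return {unit number: set of port names} from 'display isolate port' output."""
    units, current = {}, None
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line[0] in "<[":      # skip blank lines and CLI prompt echoes
            continue
        header = UNIT_HEADER.match(line)
        if header:
            current = int(header.group(1))
            units.setdefault(current, set())
        elif current is not None:            # port list, possibly wrapped over lines
            for token in line.split(","):
                if PORT_NAME.match(token.strip()):
                    units[current].add(token.strip())
    return units

def audit_isolation(output, must_isolate, must_not_isolate):
    """Return (missing, unexpected): ports that should be isolated but are not,
    and ports that must stay outside the isolation group but are in it."""
    isolated = set().union(*parse_isolated_ports(output).values())
    missing = sorted(set(must_isolate) - isolated)
    unexpected = sorted(set(must_not_isolate) & isolated)
    return missing, unexpected

# Policy taken from the page's example: PCs on 1/0/2-1/0/4, uplink on 1/0/1.
HOST_PORTS = ["Ethernet1/0/2", "Ethernet1/0/3", "Ethernet1/0/4"]
UPLINK_PORTS = ["Ethernet1/0/1"]

# Output as shown on the page.
PAGE_OUTPUT = """<H3C> display isolate port
Isolated port(s) on UNIT 1:
 Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4
"""
# Constructed sample: Ethernet1/0/4 was never added and the uplink was added by mistake.
DRIFTED_OUTPUT = """<H3C> display isolate port
Isolated port(s) on UNIT 1:
 Ethernet1/0/1, Ethernet1/0/2, Ethernet1/0/3
"""

if __name__ == "__main__":
    for name, text in (("page", PAGE_OUTPUT), ("drifted", DRIFTED_OUTPUT)):
        missing, unexpected = audit_isolation(text, HOST_PORTS, UPLINK_PORTS)
        print(f"{name}: not isolated={missing} wrongly isolated={unexpected}")
```

Because adding one aggregation member port pulls the rest of its aggregation group into the isolation group, list every aggregated uplink member in `UPLINK_PORTS` so that such a side effect shows up as a wrongly isolated port.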