Through the port isolation feature, you can add the ports to be controlled to an isolation group to isolate Layer 2 and Layer 3 data among the ports in the isolation group. This lets you construct your network in a more flexible way and improves your network security.

Currently, you can create only one isolation group on an S3100 Series Ethernet switch. The number of Ethernet ports in an isolation group is not limited.

- An isolation group only isolates the member ports in it.
- Port isolation is independent of VLAN configuration.
1.2 Port Isolation Configuration
You can perform the following operations to add an Ethernet port to an isolation group, thus isolating Layer 2 and Layer 3 data among the ports in the isolation group.
Table 1-1 Configure port isolation

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | — |
| Enter Ethernet port view | interface interface-type interface-number | — |
| Add the Ethernet port to the isolation group | port isolate | Required. By default, an isolation group contains no port. |
- When a member port of an aggregation group joins/leaves an isolation group, the other ports in the same aggregation group on the local device join/leave the isolation group at the same time.
- For ports that belong to an aggregation group and an isolation group simultaneously, removing a port from the aggregation group has no effect on the other ports. That is, the remaining ports stay in the aggregation group and the isolation group.
- Ports that belong to an aggregation group and an isolation group simultaneously are still isolated even when you remove the aggregation group in system view.
- Adding a port of an isolation group to an aggregation group causes all the ports in the aggregation group to be added to the isolation group.
1.3 Displaying Port Isolation Configuration
After the above configuration, you can execute
the display command in any view to display the result of your port isolation
configuration, thus verifying your configuration.
Table 1-2 Display port isolation configuration

| Operation | Command | Description |
|---|---|---|
| Display information about the Ethernet ports added to the isolation group | display isolate port | You can execute the display command in any view. |
I. Network requirements
- PC2, PC3 and PC4 connect to the switch ports Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 respectively.
- The switch connects to the Internet through Ethernet1/0/1.
- It is desired that PC2, PC3 and PC4 are isolated from each other so that they cannot communicate with each other.
II. Network diagram

Figure 1-1 Network diagram for port isolation configuration
III. Configuration procedure
# Add Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 to the isolation group.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface ethernet1/0/2
[Sysname-Ethernet1/0/2] port isolate
[Sysname-Ethernet1/0/2] quit
[Sysname] interface ethernet1/0/3
[Sysname-Ethernet1/0/3] port isolate
[Sysname-Ethernet1/0/3] quit
[Sysname] interface ethernet1/0/4
[Sysname-Ethernet1/0/4] port isolate
[Sysname-Ethernet1/0/4] quit
[Sysname] quit
# Display information about the ports in the isolation group.
<Sysname> display isolate port
Isolated port(s) on UNIT 1:
Ethernet1/0/2, Ethernet1/0/3,
Ethernet1/0/4
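
A check that the isolation group on the switch matches the intended design, written as an added example (not H3C code): it parses the display isolate port output shown above, tolerating a port list that wraps across lines, and reports host ports missing from the group as well as ports, such as the Ethernet1/0/1 uplink, that must stay outside it. The function names and the handling of more than one UNIT header are assumptions.

```python
import re

# Constructed sample: the `display isolate port` output from the example above.
SAMPLE_OUTPUT = """\
Isolated port(s) on UNIT 1:
Ethernet1/0/2, Ethernet1/0/3,
Ethernet1/0/4
"""

UNIT_HEADER = re.compile(r"^Isolated port\(s\) on UNIT (\d+):\s*$")
PORT_NAME = re.compile(r"[A-Za-z][A-Za-z-]*\d+(?:/\d+)+")


def parse_isolated_ports(output):
    """Return {unit_number: set_of_port_names} from `display isolate port`.

    The port list may wrap across lines, so every line after a UNIT header
    is treated as a continuation until the next header (assumed format).
    """
    units, current = {}, None
    for line in output.splitlines():
        header = UNIT_HEADER.match(line.strip())
        if header:
            current = units.setdefault(int(header.group(1)), set())
        elif current is not None:
            current.update(PORT_NAME.findall(line))
    return units


def audit_isolation(output, must_isolate, must_not_isolate):
    """Compare the switch's isolation group with the intended design.

    Returns (missing, unexpected): ports that should be isolated but are
    not, and ports (such as the uplink) that must stay outside the group
    but were found in it.
    """
    isolated = set().union(*parse_isolated_ports(output).values())
    missing = sorted(set(must_isolate) - isolated)
    unexpected = sorted(set(must_not_isolate) & isolated)
    return missing, unexpected


if __name__ == "__main__":
    hosts = ["Ethernet1/0/2", "Ethernet1/0/3", "Ethernet1/0/4"]
    uplink = ["Ethernet1/0/1"]
    missing, unexpected = audit_isolation(SAMPLE_OUTPUT, hosts, uplink)
    print("not isolated:", missing or "none")
    print("wrongly isolated:", unexpected or "none")
```

Because member ports of an aggregation group join the isolation group together, a non-empty second list is also the place where an uplink pulled into the group through link aggregation would show up.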