39-Port Isolation Configuration Guide


Chapter 1  Port Isolation Configuration Guide

1.1  Port Isolation

To isolate Layer 2 packets, you can add different ports to different VLANs. However, this consumes the limited VLAN resources. With the port isolation feature, you can instead isolate ports within the same VLAN by assigning them to isolation groups. The port isolation function provides more secure and more flexible networking schemes.

1.2  Configuring Port Isolation

1.2.1  Network Diagram

Figure 1-1 Networking diagram for port isolation configuration

- As shown in Figure 1-1, users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device.

- Device is connected to the Internet through GigabitEthernet 1/0/4.

- GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 belong to the same VLAN. Host A, Host B, and Host C must not be able to communicate with each other at Layer 2, but must be able to access the Internet.

1.2.2  Applicable Product Matrix

| Product series | Software version | Hardware version |
|---|---|---|
| S3610 series Ethernet switches | Release 5301 | All versions |
| S5510 series Ethernet switches | Release 5301 | All versions |
| S5500-SI series Ethernet switches | Release 1207 | All versions except S5500-20TP-SI |
| S5500-SI series Ethernet switches | Release 1301 | S5500-20TP-SI |
| S5500-EI series Ethernet switches | Release 2102 | All versions |
| S7500E series Ethernet switches | Release 6100 | All versions |

1.2.3  Configuration Procedure

# Add ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to the isolation group.

<Device> system-view

[Device] interface GigabitEthernet1/0/1

[Device-GigabitEthernet1/0/1] port-isolate enable

[Device-GigabitEthernet1/0/1] quit

[Device] interface GigabitEthernet1/0/2

[Device-GigabitEthernet1/0/2] port-isolate enable

[Device-GigabitEthernet1/0/2] quit

[Device] interface GigabitEthernet1/0/3

[Device-GigabitEthernet1/0/3] port-isolate enable

# Display the information about the isolation group.

<Device> display port-isolate group

 Port-isolate group information:

 Uplink port support: NO

 Group ID: 1

    GigabitEthernet1/0/1     GigabitEthernet1/0/2     GigabitEthernet1/0/3

1.2.4  Complete Configuration

#

interface GigabitEthernet1/0/1

 port-isolate enable

#

interface GigabitEthernet1/0/2

 port-isolate enable

#

interface GigabitEthernet1/0/3

 port-isolate enable

1.2.5  Configuration Guidelines

1) Currently some devices support only one isolation group that is created automatically by the system as isolation group 1. You can neither remove the isolation group nor create other isolation groups on such devices.

2) There is no restriction on the number of ports to be assigned to an isolation group.

3) Bidirectional Layer 2/Layer 3 data transmission between a port within the isolation group and a port outside the isolation group is supported, but data transmission between ports within the isolation group is not supported.
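The following Python check is an added example, not part of the original guide or of any vendor tooling. It reads text in the formats shown in 1.2.3 and 1.2.4 and reports host ports that are not isolated, an uplink that was placed in the isolation group (which guideline 3 implies would cut it off from the hosts), and mismatches between the saved configuration and the live group. The function names, the sample text, and the empty GigabitEthernet1/0/4 block are assumptions made for illustration.

```python
import re

# Constructed sample input modelled on 1.2.3 and 1.2.4; GigabitEthernet1/0/4 is the uplink.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet1/0/1
 port-isolate enable
#
interface GigabitEthernet1/0/2
 port-isolate enable
#
interface GigabitEthernet1/0/3
 port-isolate enable
#
interface GigabitEthernet1/0/4
"""
SAMPLE_DISPLAY = """\
 Port-isolate group information:
 Uplink port support: NO
 Group ID: 1
    GigabitEthernet1/0/1     GigabitEthernet1/0/2     GigabitEthernet1/0/3
"""

def isolated_in_config(config_text):
    """Interfaces whose '#'-delimited config block contains 'port-isolate enable'."""
    isolated = set()
    for block in re.split(r"^#[ \t]*$", config_text, flags=re.M):
        lines = [l.strip() for l in block.strip().splitlines()]
        if lines and lines[0].startswith("interface ") and "port-isolate enable" in lines:
            isolated.add(lines[0].split()[1])
    return isolated

def isolated_in_display(display_text):
    """Ports listed after a 'Group ID:' line (all groups merged into one set)."""
    members, in_group = set(), False
    for line in display_text.splitlines():
        if line.strip().startswith("Group ID:"):
            in_group = True
        elif in_group:
            members.update(re.findall(r"[A-Za-z-]+\d+(?:/\d+)+", line))
    return members

def audit(config_text, display_text, host_ports, uplink_ports):
    """Return a list of findings; an empty list means the intended policy holds."""
    cfg, live = isolated_in_config(config_text), isolated_in_display(display_text)
    findings = [f"{p}: host port not isolated" for p in sorted(host_ports - (cfg & live))]
    findings += [f"{p}: uplink is in the isolation group" for p in sorted(uplink_ports & (cfg | live))]
    findings += [f"{p}: saved config and live group disagree" for p in sorted(cfg ^ live)]
    return findings
```

Call `audit()` with the saved configuration text, the `display port-isolate group` output, and the sets of host-facing and uplink port names for the device being checked.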