11-Port Isolation Operation


Chapter 1  Port Isolation Configuration

1.1  Port Isolation Overview

With the port isolation feature, you can add the ports to be controlled to an isolation group, which isolates Layer 2 and Layer 3 data between the ports in that group. This improves network security and lets you build the network in a more flexible way.

Currently, you can configure only one isolation group on a switch. The number of Ethernet ports an isolation group can accommodate is not limited.

 

Note:

The port isolation function is independent of VLAN configuration.

1.2  Port Isolation Configuration

Table 1-1 lists the operations to add an Ethernet port to an isolation group to isolate Layer 2 and Layer 3 data between each port in the isolation group.

Table 1-1 Configure port isolation

| Operation | Command | Description |
|---|---|---|
| Enter system view | system-view | |
| Enter Ethernet port view | interface interface-type interface-number | |
| Add the Ethernet port to the isolation group | port isolate | Required. By default, an isolation group contains no port. |

Note:

When you execute the port isolate or undo port isolate command on a port, all other ports on the local device that belong to the same aggregation group as that port are added to or removed from the isolation group at the same time.

1.3  Displaying Port Isolation Configuration

After completing the above configuration, you can execute the display command in any view to show the running state of port isolation, and check the displayed information to verify that the configuration took effect.

Table 1-2 Display port isolation configuration

| Operation | Command | Description |
|---|---|---|
| Display the information about the Ethernet ports added to the isolation group | display isolate port | You can execute the display command in any view |

1.4  Port Isolation Configuration Example

I. Network requirements

- PC 2, PC 3 and PC 4 are connected to GigabitEthernet1/0/2, GigabitEthernet1/0/3, and GigabitEthernet1/0/4 ports.

- The switch connects to the Internet through GigabitEthernet1/0/1 port.

- It is desired that PC 2, PC 3 and PC 4 cannot communicate with each other.

II. Network diagram

Figure 1-1 Network diagram for port isolation configuration

III. Configuration procedure

# Add GigabitEthernet1/0/2, GigabitEthernet1/0/3, and GigabitEthernet1/0/4 ports to the isolation group.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] interface GigabitEthernet1/0/2

[H3C-GigabitEthernet1/0/2] port isolate

[H3C-GigabitEthernet1/0/2] quit

[H3C] interface GigabitEthernet1/0/3

[H3C-GigabitEthernet1/0/3] port isolate

[H3C-GigabitEthernet1/0/3] quit

[H3C] interface GigabitEthernet1/0/4

[H3C-GigabitEthernet1/0/4] port isolate

[H3C-GigabitEthernet1/0/4] quit

[H3C]

# Display the information about the ports in the isolation group.

<H3C> display isolate port

Isolated port(s) on UNIT 1:

 GigabitEthernet1/0/2, GigabitEthernet1/0/3, GigabitEthernet1/0/4
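
The verification step above can be automated. The following is an added example, not part of the H3C manual: it parses captured display isolate port output and compares it with the intended policy from section 1.4 (PC ports isolated, uplink not isolated). The function names are hypothetical, and the handling of several UNIT headers and of port lists wrapped over more than one line is an assumption based on the single sample shown on this page.

```python
import re

# Constructed sample: the output shown in section 1.4 of this page.
SAMPLE_OUTPUT = """\
<H3C> display isolate port
Isolated port(s) on UNIT 1:
 GigabitEthernet1/0/2, GigabitEthernet1/0/3, GigabitEthernet1/0/4
"""

UNIT_HEADER = re.compile(r"^Isolated port\(s\) on UNIT (\d+):\s*$")
# Interface type followed by slash-separated numbers, e.g. GigabitEthernet1/0/2.
PORT_NAME = re.compile(r"^[A-Za-z-]+\d+(?:/\d+)+$")


def parse_isolated_ports(output):
    """Return {unit number: set of port names} from 'display isolate port' output."""
    units, current = {}, None
    for line in output.splitlines():
        header = UNIT_HEADER.match(line.strip())
        if header:
            current = units.setdefault(int(header.group(1)), set())
            continue
        if current is None:
            continue  # prompt or command echo before the first unit header
        # Assumption: a long port list may wrap, leaving a trailing comma.
        for token in (t.strip() for t in line.split(",")):
            if PORT_NAME.match(token):
                current.add(token)
    return units


def audit_isolation(output, must_isolate, must_not_isolate):
    """Compare the isolation group on the switch with the intended policy."""
    isolated = set().union(*parse_isolated_ports(output).values())
    wanted, forbidden = set(must_isolate), set(must_not_isolate)
    return {
        # Host ports outside the group can still reach each other.
        "missing": sorted(wanted - isolated),
        # An uplink inside the group is cut off from the isolated hosts.
        "unexpected": sorted(forbidden & isolated),
        # In the group but not in the policy, e.g. pulled in via an
        # aggregation group as described in the note in section 1.2.
        "unlisted": sorted(isolated - wanted - forbidden),
    }
```

A result with all three lists empty means the isolation group matches the policy; any non-empty list names the ports to review.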