Login
| Title | Size | Downloads |
|---|---|---|
| H3C S3100-52P Ethernet Switch Operatioin Manual-Release 1702-6W100-Port Isolation Operation.pdf | 65.83 KB |
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 10-Port Isolation Operation | 65.83 KB |
Table of Contents
1 Port Isolation Configuration
Displaying and Maintaining Port Isolation Configuration
Port Isolation Configuration Example
When configuring port isolation, go to these sections for information you are interested in:
l Port Isolation Configuration
l Displaying and Maintaining Port Isolation Configuration
l Port Isolation Configuration Example
Port Isolation Overview
The port isolation feature is used to secure and add privacy to the data traffic and prevent malicious attackers from obtaining the user information. With the port isolation feature, you can add the ports to be controlled into an isolation group to isolate the Layer 2 and Layer 3 data between each port in the isolation group (a port in an isolation group does not forward traffic to the other ports in the isolation group).
The ports in an isolation group must reside on the same switch.
l Currently, you can create only one isolation group on an S3100-52P Ethernet switch. The number of Ethernet ports in an isolation group is not limited.
l An isolation group only isolates the member ports in it.
Port Isolation Configuration
You can perform the following operations to add an Ethernet port to an isolation group, thus isolating Layer 2 and Layer 3 data among the ports in the isolation group.
Follow these steps to configure port isolation:
|
To do … |
Use the command … |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter Ethernet port view |
interface interface-type interface-number |
— |
|
Add the Ethernet port to the isolation group |
port isolate |
Required By default, an isolation group contains no port. |
l When a member port of an aggregation group joins/leaves an isolation group, the other ports in the same aggregation group will join/leave the isolation group at the same time.
l For ports that belong to an aggregation group and an isolation group simultaneously, removing a port from the aggregation group has no effect on the other ports. That is, the rest ports remain in the aggregation group and the isolation group.
l Ports that belong to an aggregation group and an isolation group simultaneously are still isolated even when you remove the aggregation group in system view.
l Adding an isolated port to an aggregation group causes all the ports in the aggregation group to be added to the isolation group.
Displaying and Maintaining Port Isolation Configuration
|
To do … |
Use the command … |
Remarks |
|
Display information about the Ethernet ports added to the isolation group |
display isolate port |
Available in any view |
Port Isolation Configuration Example
Network requirements
As shown in Figure 1-1, PC2, PC3 and PC4 connect to the switch ports Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 respectively. The switch connects to the Internet through Ethernet1/0/1.
It is desired to isolate PC2, PC3 and PC4 to disable them from communicating directly with each other.
Network diagram
Figure 1-1 Network diagram for port isolation configuration
Configuration procedure
# Add Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 to the isolation group.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface ethernet1/0/2
[Sysname-Ethernet1/0/2] port isolate
[Sysname-Ethernet1/0/2] quit
[Sysname] interface ethernet1/0/3
[Sysname-Ethernet1/0/3] port isolate
[Sysname-Ethernet1/0/3] quit
[Sysname] interface ethernet1/0/4
[Sysname-Ethernet1/0/4] port isolate
[Sysname-Ethernet1/0/4] quit
[Sysname] quit
# Display information about the ports in the isolation group.
<Sysname> display isolate port
Isolated port(s) on UNIT 1:
Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4
