- Table of Contents
-
- H3C S3600 Series Ethernet Switches Operation Manual-Release 1510(V1.04)
- 00-1Cover
- 00-2Product Overview
- 01-CLI Operation
- 02-Login Operation
- 03-Configuration File Management Operation
- 04-VLAN Operation
- 05-IP Address and Performance Configuration Operation
- 06-Management VLAN Operation
- 07-Voice VLAN Operation
- 08-GVRP Operation
- 09-Port Basic Configuration Operation
- 10-Link Aggregation Operation
- 11-Port Isolation Operation
- 12-Port Security-Port Binding Operation
- 13-DLDP Operation
- 14-MAC Address Table Operation
- 15-Auto Detect Operation
- 16-MSTP Operation
- 17-Routing Protocol Operation
- 18-Multicast Operation
- 19-802.1x Operation
- 20-AAA-RADIUS-HWTACACS-EAD Operation
- 21-VRRP Operation
- 22-Centralized MAC Address Authentication Operation
- 23-ARP Operation
- 24-DHCP Operation
- 25-ACL Operation
- 26-QoS-QoS Profile Operation
- 27-Web Cache Redirection Operation
- 28-Mirroring Operation
- 29-IRF Fabric Operation
- 30-Cluster Operation
- 31-PoE-PoE Profile Operation
- 32-UDP Helper Operation
- 33-SNMP-RMON Operation
- 34-NTP Operation
- 35-SSH Terminal Service Operation
- 36-File System Management Operation
- 37-FTP and TFTP Operation
- 38-Information Center Operation
- 39-System Maintenance and Debugging Operation
- 40-VLAN-VPN Operation
- 41-HWPing Operation
- 42-DNS Operation
- 43-Access Management Operation
- 44-Appendix
- Related Documents
-
Title | Size | Download |
---|---|---|
11-Port Isolation Operation | 57 KB |
Table of Contents
Chapter 1 Port Isolation Configuration
1.2 Port Isolation Configuration
1.3 Displaying Port Isolation Configuration
1.4 Port Isolation Configuration Example
Chapter 1 Port Isolation Configuration
1.1 Port Isolation Overview
Through the port isolation feature, you can add the ports to be controlled into an isolation group to isolate the Layer 2 and Layer 3 data between each port in the isolation group. Thus, you can construct your network in a more flexible way and improve your network security.
Currently, an S3600 Series Ethernet Switch supports only one isolation group, but does not limit the number of Ethernet ports in the unique isolation group.
& Note:
Port isolation is independent of VLAN configuration.
1.2 Port Isolation Configuration
You can perform the following operations to add individual Ethernet ports to the isolation group, thus isolating Layer 2 and Layer 3 data between each port in the isolation group.
Table 1-1 Configure port isolation
Operation |
Command |
Description |
Enter system view |
system-view |
— |
Enter Ethernet port view |
interface interface-type interface-number |
— |
Add the Ethernet port to the isolation group |
port isolate |
Required By default, an isolation group contains no port. |
& Note:
When the port isolate command or the undo port isolate command is executed on a member port of an aggregation group, the other ports in the same aggregation group on the local device will be added to or removed from the isolation group together at the same time.
1.3 Displaying Port Isolation Configuration
After the above configuration, you can execute the display command in any view to display the result of your port isolation configuration, thus verifying your configuration.
Table 1-2 Display port isolation configuration
Operation |
Command |
Description |
Display information about the Ethernet ports added to the isolation group |
display isolate port |
You can execute the display command in any view. |
1.4 Port Isolation Configuration Example
I. Network requirements
l PC2, PC3 and PC4 connect to the switch ports Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 respectively.
l The switch connects to the Internet through Ethernet1/0/1.
l It is desired that PC2, PC3 and PC4 are isolated from each other so that they cannot communicate with each other.
II. Network diagram
Figure 1-1 Network diagram for port isolation configuration
III. Configuration procedure
# Add Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 to the isolation group.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface ethernet1/0/2
[H3C-Ethernet1/0/2] port isolate
[H3C-Ethernet1/0/2] quit
[H3C] interface ethernet1/0/3
[H3C-Ethernet1/0/3] port isolate
[H3C-Ethernet1/0/3] quit
[H3C] interface ethernet1/0/4
[H3C-Ethernet1/0/4] port isolate
[H3C-Ethernet1/0/4] quit
[H3C] quit
# Display information about the ports in the isolation group.
<H3C> display isolate port
Isolated port(s) on UNIT 1:
Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4