- Table of Contents
-
- H3C Low-End Ethernet Switches Configuration Guide(V1.01)
- 01-Login Configuration Guide
- 02-VLAN Configuration Guide
- 03-IP Address Configuration Guide
- 04-Voice VLAN Configuration Guide
- 05-GVRP Configuration Guide
- 06-Ethernet Interface Basic Configuration Guide
- 07-Link Aggregation Configuration Guide
- 08-Port Isolation Configuration Guide
- 09-Port Security Configuration Guide
- 10-Port Binding Configuration Guide
- 11-MAC Address Table Management Configuration Guide
- 12-DLDP Configuration Guide
- 13-Auto Detect Configuration Guide
- 14-MSTP Configuration Guide
- 15-Routing Configuration Guide
- 16-Multicast Configuration Guide
- 17-802.1x Configuration Guide
- 18-AAA Configuration Guide
- 19-MAC Authentication Configuration Guide
- 20-VRRP Configuration Guide
- 21-ARP Configuration Guide
- 22-DHCP Configuration Guide
- 23-ACL Configuration Guide
- 24-QoS-QoS Profile Configuration Guide
- 25-Web Cache Redirection Configuration Guide
- 26-Mirroring Configuration Guide
- 27-IRF Configuration Guide
- 28-Cluster Configuration Guide
- 29-PoE-PoE Profile Configuration Guide
- 30-UDP Helper Configuration Guide
- 31-SNMP-RMON Configuration Guide
- 32-NTP Configuration Guide
- 33-SSH Configuration Guide
- 34-FTP and TFTP Configuration Guide
- 35-Information Center Configuration Guide
- 36-VLAN-VPN Configuration Guide
- 37-HWPing Configuration Guide
- 38-DNS Configuration Guide
- 39-Access Management Configuration Guide
- 40-Web Authentication Configuration Guide
- 41-IPv6 Management Configuration Guide
- 42-Smart link - Monitor Link Configuration Guide
- 43-VLAN Mapping Configuration Guide
- Related Documents
-
Title | Size | Download |
---|---|---|
08-Port Isolation Configuration Guide | 45.89 KB |
Configuring Port Isolation
Port isolation allows you to add a port into an isolation group to isolate Layer-2 and Layer-3 traffic of the port from that of all other ports in the isolation group. While increasing network security, this allows for great flexibility.
Network Diagram
Figure 1-1 Network diagram for port isolation configuration
Networking and Configuration Requirements
l PC2, PC3, and PC4 connect to the switch ports Ethernet 1/0/2, Ethernet 1/0/3, and Ethernet 1/0/4 respectively.
l The switch connects to the Internet through Ethernet 1/0/1.
l Isolate PC2, PC3, and PC4 from each other.
Applicable Product Matrix
Product series |
Software version |
Hardware version |
S5600 series |
Release 1510, Release1602 |
All versions |
S5100-SI/EI series |
Release 2200, Release2201 |
All versions |
S3600-SI/EI series |
Release 1510, Release1602 |
All versions |
S3100-EI series |
Release 2104, Release 2107 |
All versions |
S3100-C-SI series S3100-T-SI series |
Release 0011, Release 2102, Release 2107 |
All versions |
S3100-52P |
Release 1500, Release 1602 |
S3100-52P |
Configuration Procedure
# Add Ethernet 1/0/2, Ethernet 1/0/3, and Ethernet 1/0/4 to the isolation group.
<Switch> system-view
System View: return to User View with Ctrl+Z.
[Switch] interface ethernet1/0/2
[Switch-Ethernet1/0/2] port isolate
[Switch-Ethernet1/0/2] quit
[Switch] interface ethernet1/0/3
[Switch-Ethernet1/0/3] port isolate
[Switch-Ethernet1/0/3] quit
[Switch] interface ethernet1/0/4
[Switch-Ethernet1/0/4] port isolate
[Switch-Ethernet1/0/4] quit
[Switch]
# Display information about the ports in the isolation group.
<Switch> display isolate port
Isolated port(s) on UNIT 1:
Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4
Complete Configuration
#
interface Ethernet1/0/2
port isolate
#
interface Ethernet1/0/3
port isolate
#
interface Ethernet1/0/4
port isolate
#
Precautions
l Adding to or removing from an isolation group an aggregated port can cause all other ports in the aggregation group on the device to join or exit the isolation group automatically.
l After an aggregated port is removed from its aggregation group, all other member ports will still stay in the isolation group that they have joined (if any).
l Removing an aggregation group does not remove its member ports from the isolation group that they have joined (if any).
l Adding an isolated port to an aggregation group can cause all the member ports in the aggregation group to join the isolation group automatically.
l Cross-device port isolation is supported on the S3600 series switches in an IRF fabric. This allows ports on different units to join the same isolation group.
l For S3600 series switches in an IRF fabric, adding a member port in a cross-device aggregation group to an isolation group does not cause other member ports to join the isolation group automatically.