H3C Low-End Ethernet Switches Configuration Guide(V1.01)

HomeSupportSwitchesH3C S3100 Switch SeriesConfigure & DeployConfiguration ExamplesH3C Low-End Ethernet Switches Configuration Guide(V1.01)
Table of Contents
Related Documents
08-Port Isolation Configuration Guide
Title Size Download
08-Port Isolation Configuration Guide 45.89 KB

Configuring Port Isolation

Port isolation allows you to add a port into an isolation group to isolate Layer-2 and Layer-3 traffic of the port from that of all other ports in the isolation group. While increasing network security, this allows for great flexibility.

Currently, an switch supports only one isolation group; however, the number of Ethernet ports in the isolation group is not limited.

Network Diagram

Figure 1-1 Network diagram for port isolation configuration

 

Networking and Configuration Requirements

l          PC2, PC3, and PC4 connect to the switch ports Ethernet 1/0/2, Ethernet 1/0/3, and Ethernet 1/0/4 respectively.

l          The switch connects to the Internet through Ethernet 1/0/1.

l          Isolate PC2, PC3, and PC4 from each other.

Applicable Product Matrix

Product series

Software version

Hardware version

S5600 series

Release 1510, Release1602

All versions

S5100-SI/EI series

Release 2200, Release2201

All versions

S3600-SI/EI series

Release 1510, Release1602

All versions

S3100-EI series

Release 2104, Release 2107

All versions

S3100-C-SI series

S3100-T-SI series

Release 0011, Release 2102, Release 2107

All versions

S3100-52P

Release 1500, Release 1602

S3100-52P

 

Configuration Procedure

# Add Ethernet 1/0/2, Ethernet 1/0/3, and Ethernet 1/0/4 to the isolation group.

<Switch> system-view

System View: return to User View with Ctrl+Z.

[Switch] interface ethernet1/0/2

[Switch-Ethernet1/0/2] port isolate

[Switch-Ethernet1/0/2] quit

[Switch] interface ethernet1/0/3

[Switch-Ethernet1/0/3] port isolate

[Switch-Ethernet1/0/3] quit

[Switch] interface ethernet1/0/4

[Switch-Ethernet1/0/4] port isolate

[Switch-Ethernet1/0/4] quit

[Switch]

# Display information about the ports in the isolation group.

<Switch> display isolate port

 Isolated port(s) on UNIT 1:

 Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4

Complete Configuration

#

interface Ethernet1/0/2

 port isolate

#

interface Ethernet1/0/3

 port isolate

#

interface Ethernet1/0/4

 port isolate

#

Precautions

l          Adding to or removing from an isolation group an aggregated port can cause all other ports in the aggregation group on the device to join or exit the isolation group automatically.

l          After an aggregated port is removed from its aggregation group, all other member ports will still stay in the isolation group that they have joined (if any).

l          Removing an aggregation group does not remove its member ports from the isolation group that they have joined (if any).

l          Adding an isolated port to an aggregation group can cause all the member ports in the aggregation group to join the isolation group automatically.

l          Cross-device port isolation is supported on the S3600 series switches in an IRF fabric. This allows ports on different units to join the same isolation group.

l          For S3600 series switches in an IRF fabric, adding a member port in a cross-device aggregation group to an isolation group does not cause other member ports to join the isolation group automatically.

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网