Login
- Table of Contents
-
- H3C Low-End and Mid-Range Ethernet Switches Configuration Examples(V1.01)
- 00-1Cover
- 01-Login Configuration Guide
- 02-VLAN Configuration Guide
- 03-GVRP Configuration Guide
- 04-Voice VLAN Configuration Guide
- 05-IP Addressing and Performance Configuration Guide
- 06-QinQ Configuration Guide
- 07-BPDU Tunnel Configuration Guide
- 08-VLAN Mapping Configuration Guide
- 09-MAC Address Table Management Configuration Guide
- 10-Link Aggregation Configuration Guide
- 11-IP Source Guard Configuration Guide
- 12-DLDP Configuration Guide
- 13-MSTP Configuration Guide
- 14-IPv4 Routing Configuration Guide
- 15-IPv6 Configuration Guide
- 16-IPv6 Routing Configuration Guide
- 17-IPv4 Multicast Configuration Guide
- 18-IPv6 Multicast Configuration Examples
- 19-802.1x Configuration Guide
- 20-AAA Configuration Guide
- 21-MAC Authentication Configuration Guide
- 22-Portal Configuration Guide
- 23-ARP Configuration Guide
- 24-DHCP Configuration Guide
- 25-ACL Configuration Guide
- 26-QoS Configuration Guide
- 27-Port Mirroring Configuration Guide
- 28-Cluster Management Configuration Guide
- 29-SNMP-RMON Configuration Guide
- 30-NTP Configuration Guide
- 31-FTP-TFTP Configuration Guide
- 32-UDP Helper Configuration Guide
- 33-Information Center Configuration Guide
- 34-DNS Configuration Guide
- 35-File System Management Configuration Guide
- 36-Remote Upgrade Configuration Guide
- 37-NQA Configuration Guide
- 38-VRRP Configuration Guide
- 39-SSH Configuration Guide
- 40-Port Security Configuration Guide
- 41-Port Isolation Configuration Guide
- 42-LLDP Configuration Guide
- 43-MCE Configuration Guide
- 44-PoE Configuration Guide
- 45-OAM Configuration Guide
- 46-Connectivity Fault Detection Configuration Guide
- 47-RRPP Configuration Guide
- 48-sFlow Configuration Guide
- 49-SSL-HTTPS Configuration Guide
- 50-PKI Configuration Guide
- 51-Track Configuration Guide
- 52-EPON-OLT Configuration Guide
- 53-Smart Link Configuration Guide
- 54-MPLS Configuration Guide
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 41-Port Isolation Configuration Guide | 39 KB |
Port Isolation
Configuring Port Isolation
Network Diagram
Figure 1-1 Networking diagram for port isolation configuration
l As shown in Figure 1-1, users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device.
l Device is connected to the Internet through GigabitEthernet 1/0/4.
l GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, GigabitEthernet 1/0/3, and GigabitEthernet 1/0/4 belong to the same VLAN. It is desired that Host A, Host B, and Host C cannot communicate with each other, but can access the Internet.
Applicable Product Matrix
|
Product series |
Software version |
Hardware version |
|
S3610 series Ethernet switches |
Release 5301 Release 5303 |
All versions |
|
S5510 series Ethernet switches |
Release 5301 Release 5303 |
All versions |
|
S5500-SI series Ethernet switches |
Release 1207 |
All versions except S5500-20TP-SI |
|
Release 1301 |
S5500-20TP-SI |
|
|
S5500-EI series Ethernet switches |
Release 2102 |
All versions |
|
S7500E series Ethernet switches |
Release 6100 Release 6300 |
All versions |
Configuration Procedure
# Add ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to the isolation group.
<Device> system-view
[Device] interface GigabitEthernet1/0/1
[Device-GigabitEthernet1/0/1] port-isolate enable
[Device-GigabitEthernet1/0/1] quit
[Device] interface GigabitEthernet1/0/2
[Device-GigabitEthernet1/0/2] port-isolate enable
[Device-GigabitEthernet1/0/2] quit
[Device] interface GigabitEthernet1/0/3
[Device-GigabitEthernet1/0/3] port-isolate enable
# Display the information about the isolation group.
<Device> display port-isolate group
Port-isolate group information:
Uplink port support: NO
Group ID: 1
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
Complete Configuration
#
interface GigabitEthernet1/0/1
port-isolate enable
#
interface GigabitEthernet1/0/2
port-isolate enable
#
interface GigabitEthernet1/0/3
port-isolate enable
Configuration Guidelines
1) Currently some devices support only one isolation group that is created automatically by the system as isolation group 1. You can neither remove the isolation group nor create other isolation groups on such devices.
2) There is no restriction on the number of ports to be assigned to an isolation group.
3) Bidirectional data transmission between a port within the isolation group and another port outside the isolation group is supported, provided that the two ports belong to the same VLAN, but that between ports within the isolation group is not supported.
4) The port isolation feature supported on Ethernet switches of the S5500-SI and the S5500-EI series can isolate both Layer 2 and Layer 3 packets, but switches of other series listed in 102650 Applicable Product Matrix can only isolate Layer 2 packets.
