06-Port Isolation Configuration
Chapters Download (53.54 KB)
Table of Contents
1 Port Isolation Configuration
Introduction to Port Isolation
Configuring the Isolation Group
Assigning a Port to the Isolation Group
Assigning a UNI to the Isolation Group
Displaying and Maintaining Isolation Groups
OLT Port Isolation Configuration Example
When configuring port isolation, go to these sections for information you are interested in:
l Introduction to Port Isolation
l Configuring the Isolation Group
l Displaying and Maintaining Isolation Groups
l OLT Port Isolation Configuration Example
Usually, Layer 2 traffic isolation is achieved by assigning ports to different VLANs. To save VLAN resources, port isolation is introduced to isolate ports within a VLAN, allowing for great flexibility and security.
Currently:
l S3600 series EPON OLT switches support only one isolation group that is created automatically by the system as isolation group 1. You can neither remove the isolation group nor create other isolation groups on such devices.
l There is no restriction on the number of ports assigned to an isolation group.
Follow these steps to add a port to the isolation group:
|
To do… |
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter port view or, port group view |
Enter Ethernet port/OLT port view |
interface interface-type interface-number |
Required Use one of the commands. l In Ethernet port/OLT port view, the subsequent configurations apply to the current port. l In Layer-2 aggregate interface view, the subsequent configurations apply to the Layer-2 aggregate interface and all its member ports. l In port group view, the subsequent configurations apply to all ports in the port group. |
|
Enter Layer-2 aggregate interface view |
interface bridge-aggregation interface-number |
||
|
Enter port group view |
port-group manual port-group-name |
||
|
Assign the port or ports to the isolation group as an isolated port or ports |
port-isolate enable |
Required No ports are added to the isolation group by default. |
|
Follow these steps to add a UNI port to the isolation group:
|
To do... |
Use the command... |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter ONU port view |
interface onu interface-number |
— |
|
|
Configure UNI port isolation |
Configure port isolation for all UNIs |
onu port-isolate enable |
Required Use either command By default, a UNI port is not in any isolation group. |
|
Configure port isolation for the specified UNI |
uni uni-number port-isolate |
||
Only one isolation group can be created on an ONU device, and there is no limit on the number of ports in an isolation group.
|
To do… |
Use the command… |
Remarks |
|
Display the isolation group information |
display port-isolate group |
Available in any view |
l An OLT device is connected to the Internet through the uplink port.
l Configure port isolation between OLT 1/0/1 and OLT 1/0/2 so that the users under OLT 1/0/1 and those under OLT 1/0/2 can access the Internet but cannot communicate with each other at Layer 2.
Figure 1-1 Networking diagram for port isolation configuration
# Add ports OLT1/0/1 and OLT1/0/1 to the isolation group.
<Sysname> system-view
[Sysname] interface olt 1/0/1
[Sysname-Olt1/0/1] port-isolate enable
[Sysname-Olt1/0/1] quit
[Sysname] interface olt 1/0/2
[Sysname-Olt1/0/2] port-isolate enable
[Sysname-Olt1/0/2] quit
# Display the information about the isolation group.
<Sysname> display port-isolate group
Port-isolate group information:
Uplink port support: NO
Group ID: 1
olt1/0/1 olt1/0/2
