Table of Contents
1 Port Isolation Configuration
Introduction to Port Isolation
Configuring the Isolation Group
Assigning a Port to the Isolation Group
Displaying and Maintaining Isolation Groups
Port Isolation Configuration Example
When configuring port isolation, go to these sections for information you are interested in:
- Introduction to Port Isolation
- Configuring the Isolation Group
- Displaying and Maintaining Isolation Groups
- Port Isolation Configuration Example
Introduction to Port Isolation
Usually, Layer 2 isolation is achieved by assigning ports to different VLANs. This approach, however, wastes limited VLAN resources. Port isolation was developed to address the issue. It allows you to isolate ports within the same VLAN by assigning them to isolation groups, which provides both flexibility and security.
Currently:
- The devices support only one isolation group, which is created automatically by the system as isolation group 1. Users can neither remove the isolation group nor create other isolation groups on such devices.
- There is no restriction on the number of ports to be assigned to an isolation group.
- The ports in an isolation group can exchange Layer-2 traffic with ports outside of the group, but they cannot exchange traffic with each other.
Configuring the Isolation Group
Assigning a Port to the Isolation Group
Follow these steps to add a port to the isolation group:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter interface view or port group view: enter Ethernet interface view | interface interface-type interface-number | Required. Use one of the commands. In Ethernet interface view, the subsequent configurations apply to the current port. In Layer-2 aggregate interface view, the subsequent configurations apply to the Layer-2 aggregate interface and all its member ports. In port group view, the subsequent configurations apply to all ports in the port group. |
Enter interface view or port group view: enter Layer-2 aggregate interface view | interface bridge-aggregation interface-number | |
Enter interface view or port group view: enter port group view | port-group manual port-group-name | |
Assign the port or ports to the isolation group as an isolated port or ports | port-isolate enable | Required. No ports are added to the isolation group by default. |
After you configure a command on a Layer-2 aggregate interface, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails to do that on an aggregation member port, it simply skips the port and moves to the next port.
Displaying and Maintaining Isolation Groups
To do… | Use the command… | Remarks |
---|---|---|
Display the isolation group information on a device | display port-isolate group | Available in any view |
Port Isolation Configuration Example
Networking Requirement
- Users Host A, Host B, and Host C are connected to Ethernet 2/0/1, Ethernet 2/0/2, and Ethernet 2/0/3 of Device.
- Device is connected to the Internet through Ethernet 2/0/4.
- Ethernet 2/0/1, Ethernet 2/0/2, Ethernet 2/0/3, and Ethernet 2/0/4 belong to the same VLAN.
It is required that Host A, Host B, and Host C can access the Internet while being isolated from one another.
Networking diagram
Figure 1-1 Networking diagram for port isolation configuration
Configuration procedure
# Add ports Ethernet 2/0/1, Ethernet 2/0/2 and Ethernet 2/0/3 to the isolation group.
<Device> system-view
[Device] interface ethernet 2/0/1
[Device-Ethernet2/0/1] port-isolate enable
[Device-Ethernet2/0/1] quit
[Device] interface ethernet 2/0/2
[Device-Ethernet2/0/2] port-isolate enable
[Device-Ethernet2/0/2] quit
[Device] interface ethernet 2/0/3
[Device-Ethernet2/0/3] port-isolate enable
[Device-Ethernet2/0/3] return
# Display the information about the isolation group.
<Device> display port-isolate group
Port-isolate group information:
Uplink port support: NO
Group ID: 1
Ethernet2/0/1 Ethernet2/0/2 Ethernet2/0/3
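The following audit check is an added example, not part of the original manual or of any vendor tool. It parses `display port-isolate group` output in the layout shown above and compares isolation group 1 against the intent of this configuration example: the three host ports isolated, the uplink Ethernet2/0/4 left outside the group. The function names, the `HOSTS` and `UPLINK` sets, and the drift sample are assumptions constructed for illustration.

```python
import re

# Interface names as printed on this page, e.g. Ethernet2/0/1
PORT = re.compile(r"[A-Za-z][A-Za-z-]*\d+(?:/\d+)*")

def parse_isolate_groups(output):
    """Map group ID -> set of member ports from 'display port-isolate group' text."""
    groups, current = {}, None
    for line in output.splitlines():
        match = re.match(r"\s*Group ID:\s*(\d+)\s*$", line)
        if match:
            current = int(match.group(1))
            groups[current] = set()
        elif current is not None:
            # Lines after a "Group ID" header list that group's ports.
            groups[current].update(t for t in line.split() if PORT.fullmatch(t))
    return groups

def audit(output, must_isolate, must_not_isolate, group_id=1):
    """Return findings; an empty list means the group matches the intent."""
    members = parse_isolate_groups(output).get(group_id, set())
    findings = [f"{p}: not isolated, can exchange Layer 2 traffic with every port in the VLAN"
                for p in sorted(must_isolate - members)]
    findings += [f"{p}: isolated, cannot exchange traffic with the other isolated ports"
                 for p in sorted(must_not_isolate & members)]
    return findings

HOSTS = {"Ethernet2/0/1", "Ethernet2/0/2", "Ethernet2/0/3"}
UPLINK = {"Ethernet2/0/4"}

# Output as shown in the configuration example on this page.
SAMPLE_OK = """Port-isolate group information:
Uplink port support: NO
Group ID: 1
Ethernet2/0/1 Ethernet2/0/2 Ethernet2/0/3
"""

# Constructed drift case: Ethernet2/0/2 dropped out, uplink Ethernet2/0/4 added by mistake.
SAMPLE_DRIFT = """Port-isolate group information:
Uplink port support: NO
Group ID: 1
Ethernet2/0/1 Ethernet2/0/3 Ethernet2/0/4
"""

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(name, audit(text, HOSTS, UPLINK) or "matches intent")
```

Feed it the text captured from the device after each change; an uplink that lands in the group cuts the isolated hosts off from the Internet, and a host port that falls out of it regains Layer 2 reachability to its neighbours.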