Login
- Table of Contents
-
- 04-Layer 2 - LAN Switching Command Reference
- 00-Preface
- 01-VLAN Commands
- 02-MAC Address Table Commands
- 03-Spanning Tree Commands
- 04-Ethernet Link Aggregation Commands
- 05-Port Isolation Commands
- 06-QinQ Commands
- 07-VLAN Mapping Commands
- 08-BPDU Tunneling Commands
- 09-GVRP Commands
- 10-Loopback Detection Commands
- 11-MAC-in-MAC Commands
- 12-LLDP Commands
- 13-MVRP Commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-Port Isolation Commands | 82.7 KB |
|
|
NOTE: The switch operates in IRF or standalone (the default) mode. The port isolation commands are available when the switch operates in standalone mode or operates in IRF mode with the enhanced IRF mode disabled. For more information about the IRF mode, see IRF Configuration Guide. |
community-vlan vlan
Syntax
community-vlan vlan { vlan-id-list | all }
undo community-vlan
View
Isolation group view
Default level
2: System level
Parameters
vlan-id-list: Specifies a list of VLANs in the format of { vlan-id1 [ to vlan-id2 ] }&<1-10>, where vlan-id ranges from 1 to 4094 with vlan-id1 no smaller than vlan-id2, and &<1-10> indicates that you can specify up to ten vlan-id1 [ to vlan-id2 ] options.
all: Configures all VLANs in the isolation group as non-isolated.
Description
Use the community-vlan vlan command to configure non-isolated VLANs in an isolation group.
Use the undo community-vlan command to remove all non-isolated VLANs from an isolation group.
By default, an isolation group does not contain any non-isolated VLANs.
The command is available only when the switch operates in non-hybrid mode. For more information about the system working modes, see Fundamentals Configuration Guide.
You cannot repeatedly configure the community-vlan vlan command. To update the non-isolated VLANs in an isolation group, you must use the undo community-vlan vlan command first.
Examples
# Configure VLAN 3 as a non-isolated VLAN in isolation group 1.
<Sysname> system-view
[Sysname] port-isolate group 1
[Sysname-port-isolate-group1] community-vlan vlan 3
# Remove all non-isolated VLANs from isolation group 2.
<Sysname> system-view
[Sysname] port-isolate group 2
[Sysname-port-isolate-group2] undo community-vlan
display port-isolate group
Syntax
display port-isolate group [ group-number ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
group-number: Specifies an isolation group number, which ranges from 1 to 16 in standalone mode and from 1 to 4 in IRF mode.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use the display port-isolate group command to display port isolation group information.
If an isolation group is specified, this command displays information about the specified isolation group. If no isolation group is specified, this command displays information about all isolation groups.
Examples
# Display information about all isolation groups.
<Sysname> display port-isolate group
Port-isolate group information:
Uplink port support: NO
Group ID: 2
Group members:
GigabitEthernet4/0/1
Table 1 Output description
|
Field |
Description |
|
Port-isolate group information |
Port isolation group information |
|
Uplink port support |
Indicates whether the uplink port is supported. |
|
Group ID |
Isolation group number |
|
Group members |
Isolated ports in the isolation group |
port-isolate enable
Syntax
port-isolate enable group group-number
undo port-isolate enable
View
Layer 2 Ethernet interface view, Layer 2 aggregate interface view, port group view
Default level
2: System level
Parameters
group group-number: Specifies the ID of the group to which the ports are to be assigned. The group-number argument ranges from 1 to 16 in standalone mode and from 1 to 4 in IRF mode.
Description
Use the port-isolate enable command to assign a port to an isolation group.
Use the undo port-isolate enable command to remove a port from the isolation group.
Before assigning a port to an isolation group, create the isolation group with the port-isolate group command first.
The number of ports that can be assigned to an isolation group is not limited.
To assign Ethernet ports to the isolation group one by one, perform the command in Layer 2 Ethernet interface view.
To bulk assign Ethernet ports to the isolation group, perform the command in port group view.
To assign a Layer 2 aggregate interface to the isolation group, perform the command in Layer 2 aggregate interface view. The configuration applies to the Layer 2 aggregate interface and all its member ports. If the device fails to apply the port-isolate enable command to a Layer 2 aggregate interface, it does not assign any member port of the aggregate interface to the isolation group. If the failure occurs on a member port, the device can still assign other member ports to the isolation group. For more information about Layer 2 aggregate interfaces, see Layer 2—LAN Switching Configuration Guide.
Examples
# Assign ports GigabitEthernet 4/0/1 to isolation group 2.
<Sysname> system-view
[Sysname] interface GigabitEthernet 4/0/1
[Sysname-GigabitEthernet4/0/1] port-isolate enable group 2
port-isolate group
Syntax
port-isolate group group-number
undo port-isolate group { group-number | all }
View
System view
Default level
2: System level
Parameters
group-number: Specifies the number of the isolation group. The group number ranges from 1 to 16 in standalone mode and from 1 to 4 in IRF mode.
all: Deletes all isolation groups.
Description
Use the port-isolate group command to create an isolation group and enter isolation group view if the switch operates in non-hybrid mode.
Use the undo port isolate group command to delete one or all isolation groups.
Examples
# Create isolation group 2.
<Sysname> system-view
[Sysname] port-isolate group 2
port-isolate uplink-port
Syntax
port-isolate uplink-port group group-number
undo port-isolate uplink-port
View
Ethernet interface view, Layer-2 aggregate interface view
Default level
2: System level
Parameters
group-number: Specifies an isolation group number. The group number ranges from 1 to 16.
Description
Use the port-isolate uplink-port command to configure the specified port as the uplink port in the isolation group.
Use the undo port-isolate uplink-port command to remove the uplink port in the isolation group.
To assign Ethernet ports to the isolation group one by one, perform the command in Layer 2 Ethernet interface view.
To assign a Layer 2 aggregate interface to the isolation group, perform the command in Layer 2 aggregate interface view. The configuration applies to the Layer 2 aggregate interface and all its member ports. If the device fails to apply the port-isolate enable command to a Layer 2 aggregate interface, it does not assign any member port of the aggregate interface to the isolation group. If the failure occurs on a member port, the device can still assign other member ports to the isolation group. For more information about Layer 2 aggregate interfaces, see Layer 2—LAN Switching Configuration Guide.
|
|
CAUTION: · This command is available only when the switch operates in hybrid mode. · Before configuring a port as the uplink port of an isolation group, create the isolation group first. · The port-isolate enable and port-isolate uplink-port commands are mutually exclusive. In other words, after you configure a port as an isolated port of an isolation group, you cannot configure the port as the uplink port of any isolation group, and vice versa. · The member port of an aggregation group cannot be configured as the uplink port of an isolation group and vice versa. If you assign a port to an aggregation group and to an isolation group as the uplink port at the same time, the aggregation group configuration will take effect and the isolation group configuration will be removed for backward configuration file compatibility. |
Examples
# Configure port GigabitEthernet 3/0/1 as the uplink port of the isolation group.
<Sysname> system-view
[Sysname] port-isolate group 2
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port-isolate uplink-port group 2
# Configure Layer 2 aggregate interface Bridge-aggregation 1 as the uplink port of the isolation group.
<Sysname> system-view
[Sysname] interface Bridge-Aggregation 1
[Sysname-Bridge-Aggregation1] port-isolate uplink-port group 2
