Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-Port isolation commands | 78.1 KB |
|
|
IMPORTANT: · Port isolation is not supported on devices configured with enhanced IRF. For more information about enhanced IRF, see Virtual Technologies Configuration Guide. · In IRF mode, do not configure lite Layer 2 aggregation groups and port isolation groups on the same device. Otherwise, packet forwarding fails. For more information about lite Layer 2 aggregation groups, see Layer 2—LAN Switching Configuration Guide. |
community-vlan vlan
Use community-vlan vlan to configure community VLANs in an isolation group.
Use undo community-vlan to remove all community VLANs from an isolation group.
Syntax
community-vlan vlan { vlan-id-list | all }
undo community-vlan
Default
An isolation group does not contain any community VLANs.
Views
Isolation group view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the format of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The ID for vlan-id2 must be equal to or greater than the ID for vlan-id1.
all: Specifies all VLANs in the isolation group.
Usage guidelines
This command is available when the switch is operating in standalone mode or IRF mode with the enhanced IRF feature disabled.
You cannot configure new community VLANs for an isolation group that already contains community VLANs. To update the community VLANs in the isolation group, use the undo community-vlan vlan command to remove the existing community VLANs first.
Examples
# Configure VLAN 3 in isolation group 1 as a community VLAN.
<Sysname> system-view
[Sysname] port-isolate group 1
[Sysname-port-isolate-group1] community-vlan vlan 3
Related commands
display port-isolate group
Use display port-isolate group to display port isolation group information.
Syntax
display port-isolate group [ group-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
group-number: Specifies an isolation group by its number in the range of 1 to 16.
Examples
# Display all isolation groups.
<Sysname> display port-isolate group
Port isolation group information:
Group ID: 2
Group members:
GigabitEthernet3/0/1
Group ID: 5
Group members:
GigabitEthernet2/0/5 GigabitEthernet2/0/6
Community VLAN ID: 3
Table 1 Command output
|
Field |
Description |
|
Group ID |
Isolation group number. |
|
Group members |
Isolated ports in the isolation group. No ports indicates that the isolation group contains no isolated ports. |
|
Community VLAN ID |
IDs of the community VLANs in the isolation group. None indicates that the isolation group contains no community VLANs. |
Related commands
port-isolate enable
port-isolate enable
Use port-isolate enable to assign a port to an isolation group.
Use undo port-isolate enable to remove a port from an isolation group.
Syntax
port-isolate enable group group-number
undo port-isolate enable
Default
A port is not assigned to any isolation group.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
group group-number: Specifies an isolation group by its number in the range of 1 to 16.
Usage guidelines
The configuration in Layer 2 Ethernet interface view applies only to the interface.
The configuration in Layer 2 aggregate interface view applies to the Layer 2 aggregate interface and its aggregation member ports. If the device fails to apply the configuration to the aggregate interface, it does not assign any aggregation member port to the isolation group. If the failure occurs on an aggregation member port, the device skips the port and continues to assign other aggregation member ports to the isolation group.
To assign ports to an isolation group, make sure the isolation group already exists.
Examples
# Assign ports GigabitEthernet 3/0/1 and GigabitEthernet 3/0/2 to isolation group 2.
<Sysname> system-view
[Sysname] interface GigabitEthernet 3/0/1
[Sysname-GigabitEthernet3/0/1] port-isolate enable group 2
[Sysname-GigabitEthernet3/0/1] quit
[Sysname] interface GigabitEthernet 3/0/2
[Sysname-GigabitEthernet3/0/2] port-isolate enable group 2
Related commands
display port-isolate group
port-isolate group
Use port-isolate group to create an isolation group.
Use undo port-isolate group to delete isolation groups.
Syntax
port-isolate group group-number
undo port-isolate group { group-number | all }
Default
No isolation group exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
group-number: Specifies an isolation group by its number in the range of 1 to 16.
all: Deletes all isolation groups.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Create isolation group 2.
<Sysname> system-view
[Sysname] port-isolate group 2
