Login
- Table of Contents
-
- 04-Layer 2 - LAN Switching
- 00-Preface
- 01-MAC address table configuration
- 02-Ethernet link aggregation configuration
- 03-VLAN configuration
- 04-Loop detection configuration
- 05-Spanning tree configuration
- 06-LLDP configuration
- 07-Layer 2 forwarding configuration
- 08-VLAN termination configuration
- 09-Port isolation configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 09-Port isolation configuration | 48.10 KB |
Contents
Feature and hardware compatibility
Assigning a port to the isolation group·
Displaying and maintaining port isolation
Port isolation configuration example
Configuring port isolation
The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs.
Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group.
Feature and hardware compatibility
|
Hardware series |
Model |
Port isolation compatibility |
|
WX1800H series |
WX1804H WX1810H WX1820H |
No |
|
WX2500H series |
WX2510H WX2540H WX2560H |
No |
|
WX3000H series |
WX3010H WX3010H-X WX3024H WX3010H-L WX3024H-L |
Yes: · WX3010H · WX3010H-X · WX3024H No: · WX3010H-L · WX3024H-L |
|
WX3500H series |
WX3508H WX3510H WX3520H WX3540H |
No |
|
WX5500E series |
WX5510E WX5540E |
No |
|
WX5500H series |
WX5540H WX5560H WX5580H |
No |
|
Access controller modules |
EWPXM1MAC0F EWPXM1WCME0 EWPXM2WCMD0F LSQM1WCMX20 LSQM1WCMX40 LSUM1WCME0 LSUM1WCMX20RT LSUM1WCMX40RT |
No |
Assigning a port to the isolation group
The device supports only one isolation group that is automatically created as isolation group 1. You cannot remove the isolation group or create other isolation groups on the device. The number of ports assigned to the isolation group is not limited.
To assign a port to the isolation group:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter interface view. |
· Enter Layer 2 Ethernet interface view: · Enter Layer 2 aggregate interface view: |
· The configuration in Layer 2 Ethernet interface view applies only to the interface. · The configuration in Layer 2 aggregate interface view applies to the Layer 2 aggregate interface and its aggregation member ports. If the device fails to apply the configuration to the aggregate interface, it does not assign any aggregation member port to the isolation group. If the failure occurs on an aggregation member port, the device skips the port and continues to assign other aggregation member ports to the isolation group. |
|
3. Assign the port to the isolation group. |
port-isolate enable |
By default, the port is not in the isolation group. |
Displaying and maintaining port isolation
Execute display commands in any view.
|
Task |
Command |
|
Display port isolation group information. |
display port-isolate group |
Port isolation configuration example
Network requirements
As shown in Figure 1:
· AP1, AP2, and AP3 are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 on the AC, respectively.
· The AC connects to the Internet through GigabitEthernet 1/0/4.
Configure the AC to provide Internet access for all the APs, and isolate them from one another.
Configuration procedure
# Assign ports GigabitEthernet1/0/1, GigabitEthernet1/0/2, and GigabitEthernet1/0/3 to the isolation group.
<AC> system-view
[AC] interface gigabitethernet 1/0/1
[AC-GigabitEthernet1/0/1] port-isolate enable
[AC-GigabitEthernet1/0/1] quit
[AC] interface gigabitethernet 1/0/2
[AC-GigabitEthernet1/0/2] port-isolate enable
[AC-GigabitEthernet1/0/2] quit
[AC] interface gigabitethernet 1/0/3
[AC-GigabitEthernet1/0/3] port-isolate enable
[AC-GigabitEthernet1/0/3] quit
Verifying the configuration
# Display information about the isolation group.
[AC] display port-isolate group
Port isolation group information:
Group ID: 1
Group members:
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
The output shows that ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are assigned to the isolation group. As a result, AP1, AP2, and AP3 are isolated from one another at Layer 2.
