05-Port Isolation Configuration
Contents
Introduction to port isolation
Configuring an isolation group
Adding a port to an isolation group
Displaying and maintaining isolation groups
Port isolation configuration example
This chapter includes these sections:
· Introduction to port isolation
· Configuring an isolation group
· Displaying and maintaining isolation groups
· Port isolation configuration example
NOTE:
· The term "switch" or "device" in this chapter refers to the switching engine on a WX3000E wireless switch.
· The WX3000E series comprises WX3024E and WX3010E wireless switches.
· The port numbers in this chapter are for illustration only.
Introduction to port isolation
Assigning ports to different VLANs is a typical way to isolate Layer 2 traffic for data privacy and security, but it consumes VLAN resources. To save VLAN resources, you can use the port isolation feature, which can isolate ports without using VLANs and allows for great flexibility and security.
The switching engine on the WX3000E series wireless switches supports multiple isolation groups, which can be configured manually.
The number of ports assigned to an isolation group is not limited.
Within the same VLAN, traffic can be forwarded bidirectionally between isolated ports and ports outside isolation groups.
Configuring an isolation group
Adding a port to an isolation group
Follow these steps to configure an isolation group for a multiple-isolation-group device:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Create an isolation group | port-isolate group group-number | Required |
Enter Ethernet interface view | interface interface-type interface-number | Required. Use one of these three commands to enter interface view or port group view. In Ethernet interface view, the subsequent configurations apply to the current port. In Layer 2 aggregate interface view, the subsequent configurations apply to the Layer 2 aggregate interface and all its member ports. In port group view, the subsequent configurations apply to all ports in the port group. |
Enter Layer 2 aggregate interface view | interface bridge-aggregation interface-number | |
Enter port group view | port-group manual port-group-name | |
Add the port/ports to an isolation group as an isolated port/isolated ports | port-isolate enable group group-number | Required. No ports are added to an isolation group by default. |
Displaying and maintaining isolation groups
To do… | Use the command… | Remarks |
---|---|---|
Display the isolation group information | display port-isolate group [ group-number ] [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |
Port isolation configuration example
Networking requirements
As shown in Figure 1, Host A, Host B, and Host C are connected to ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device, which are assigned to the same VLAN. Device provides access to the Internet through port GigabitEthernet 1/0/4 for Host A, B and C.
Configure port isolation on GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to prevent the hosts from communicating with one another at Layer 2 while still allowing them to access the Internet.
Figure 1 Networking diagram for port isolation configuration
Configuration procedure
# Create isolation group 2.
<Device> system-view
[Device] port-isolate group 2
# Assign GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to isolation group 2 as isolated ports.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] port-isolate enable group 2
[Device-GigabitEthernet1/0/1] quit
[Device] interface gigabitethernet 1/0/2
[Device-GigabitEthernet1/0/2] port-isolate enable group 2
[Device-GigabitEthernet1/0/2] quit
[Device] interface gigabitethernet 1/0/3
[Device-GigabitEthernet1/0/3] port-isolate enable group 2
# Display information of isolation group 2.
<Device> display port-isolate group 2
Port-isolate group information:
Uplink port support: NO
Group ID: 2
Group members:
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
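The following Python check is an added example, not part of the original guide: it parses the `display port-isolate group` output shown above and reports where the device state differs from the design in this example (host ports isolated in group 2, the Internet-facing port GigabitEthernet1/0/4 left outside every group). The function names and the embedded sample are constructed, and the parser assumes that output covering several groups repeats the "Group ID" and "Group members" fields per group.

```python
import re

# Constructed sample, in the format of the display output above.
SAMPLE = """Port-isolate group information:
Uplink port support: NO
Group ID: 2
Group members:
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
"""
# Intended design from the example: hosts isolated, Internet-facing port not.
HOST_PORTS = {"GigabitEthernet1/0/1", "GigabitEthernet1/0/2", "GigabitEthernet1/0/3"}
UPLINK_PORTS = {"GigabitEthernet1/0/4"}

# Interface names as they appear in display output, e.g. Bridge-Aggregation1.
PORT_RE = re.compile(r"[A-Za-z][A-Za-z-]*\d+(?:/\d+)*")

def parse_isolation_groups(text):
    """Return {group_id: set_of_member_ports} from the display output."""
    groups, current, in_members = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"Group ID:\s*(\d+)", line)
        if header:
            current, in_members = int(header.group(1)), False
            groups.setdefault(current, set())
        elif line.startswith("Group members:"):
            in_members = current is not None
        elif in_members and line:
            tokens = line.split()
            if all(PORT_RE.fullmatch(t) for t in tokens):
                groups[current].update(tokens)
            else:  # any other field ends the member list
                in_members = False
    return groups

def audit(text, group_id, must_isolate, must_stay_open):
    """Return findings where the device state differs from the design."""
    groups = parse_isolation_groups(text)
    members = groups.get(group_id, set())
    findings = [f"{p} is not isolated in group {group_id}"
                for p in sorted(set(must_isolate) - members)]
    for gid, ports in sorted(groups.items()):
        findings += [f"{p} is isolated in group {gid} but must stay reachable"
                     for p in sorted(ports & set(must_stay_open))]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, 2, HOST_PORTS, UPLINK_PORTS) or ["no drift"]:
        print(finding)
```

An empty result means every host port is a member of the expected group and the uplink is in none; any finding names the port to recheck in interface view.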