04-Network Connectivity

HomeSupportConfigure & DeployConfiguration GuidesH3C Access Points Anchor AC Mode Configuration Guides(E2442 R2442)-6W10004-Network Connectivity
04-Port isolation configuration
Title Size Download
04-Port isolation configuration 93.66 KB

Configuring port isolation

About port isolation

The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs.

Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group.

You can configure community VLANs in an isolation group. Ports in an isolation group can communicate with each other if they belong to a community VLAN.

As shown in Figure 1:

·     To isolate Host A from Host C, and Host B from Host D, assign Port B and Port C on Device A to isolation group 1.

·     To enable Layer 2 communication between Host B and Host D, specify VLAN 3 as a community VLAN in isolation group 1. Host B and Host D belong to VLAN 3.

Figure 1 Community VLANs in an isolation group

Assigning a port to the isolation group

About this task

The device supports only one isolation group that is automatically created as isolation group 1. You cannot remove the isolation group or create other isolation groups on the device. The number of ports assigned to the isolation group is not limited.

Restrictions and guidelines

·     The configuration in Layer 2 Ethernet interface view applies only to the interface.

·     The configuration in Layer 2 aggregate interface view applies to the Layer 2 aggregate interface and its aggregation member ports. If the device fails to apply the configuration to the aggregate interface, it does not assign any aggregation member port to the isolation group. If the failure occurs on an aggregation member port, the device skips the port and continues to assign other aggregation member ports to the isolation group.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

¡     Enter Layer 2 Ethernet interface view.

interface interface-type interface-number

¡     Enter Layer 2 aggregate interface view.

interface bridge-aggregation interface-number

3.     Assign the port to the isolation group.

port-isolate enable

By default, the port is not in the isolation group.

Display and maintenance commands for port isolation

Execute display commands in any view.

 

Task

Command

Display port isolation group information.

display port-isolate group

 

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网