Login
- Table of Contents
-
- 05-Network Connectivity
- 00-Preface
- 01-About the network connectivity configuration guide
- 02-MAC address table configuration
- 03-Ethernet link aggregation configuration
- 04-Port isolation configuration
- 05-VLAN configuration
- 06-Loop detection configuration
- 07-Spanning tree configuration
- 08-LLDP configuration
- 09-Layer 2 forwarding configuration
- 10-VLAN termination configuration
- 11-PPP configuration
- 12-L2TP configuration
- 13-Modem management configuration
- 14-3G and 4G modem management configuration
- 15-ARP configuration
- 16-IP addressing configuration
- 17-DHCP configuration
- 18-DHCPv6 configuration
- 19-DNS configuration
- 20-NAT configuration
- 21-IP performance optimization configuration
- 22-IPv6 basics configuration
- 23-GRE configuration
- 24-Tunneling configuration
- 25-IP forwarding basics configuration
- 26-Basic IP routing configuration
- 27-Static routing configuration
- 28-IPv6 static routing configuration
- 29-Policy-based routing configuration
- 30-IPv6 policy-based routing configuration
- 31-RIP configuration
- 32-RIPng configuration
- 33-Multicast overview
- 34-IGMP snooping configuration
- 35-MLD snooping configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-Port isolation configuration | 69.16 KB |
Contents
Restrictions: Hardware compatibility with port isolation
Assigning a port to the isolation group
Display and maintenance commands for port isolation
Port isolation configuration example
Example: Configuring port isolation (for single-isolation group devices)
Configuring port isolation
About port isolation
The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs.
Ports in an isolation group cannot communicate with each other. However, they can communicate with ports outside the isolation group.
Restrictions: Hardware compatibility with port isolation
|
Hardware series |
Model |
Product code |
Port isolation compatibility |
|
WX1800H series |
WX1804H-PWR |
EWP-WX1804H-PWR-CN |
No |
|
WX2500H series |
WX2508H-PWR-LTE WX2510H-PWR WX2510H-F-PWR WX2540H WX2540H-F WX2560H |
EWP-WX2508H-PWR-LTE EWP-WX2510H-PWR EWP-WX2510H-F-PWR EWP-WX2540H EWP-WX2540H-F EWP-WX2560H |
No |
|
MAK series |
MAK204 MAK206 |
EWP-MAK204 EWP-MAK206 |
No |
|
WX3000H series |
WX3010H WX3010H-X-PWR WX3010H-L-PWR WX3024H WX3024H-L-PWR WX3024H-F |
EWP-WX3010H EWP-WX3010H-X-PWR EWP-WX3010H-L-PWR EWP-WX3024H EWP-WX3024H-L-PWR EWP-WX3024H-F |
Yes: · WX3010H · WX3010H-X-PWR · WX3024H · WX3024H-F No: · WX3010H-L-PWR · WX3024H-L-PWR |
|
WX3500H series |
WX3508H WX3508H WX3510H WX3510H WX3520H WX3520H-F WX3540H WX3540H |
EWP-WX3508H EWP-WX3508H-F EWP-WX3510H EWP-WX3510H-F EWP-WX3520H EWP-WX3520H-F EWP-WX3540H EWP-WX3540H-F |
No |
|
WX5500E series |
WX5510E WX5540E |
EWP-WX5510E EWP-WX5540E |
No |
|
WX5500H series |
WX5540H WX5560H WX5580H |
EWP-WX5540H EWP-WX5560H EWP-WX5580H |
No |
|
Access controller modules |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
LSUM1WCME0 EWPXM1WCME0 LSQM1WCMX20 LSUM1WCMX20RT LSQM1WCMX40 LSUM1WCMX40RT EWPXM2WCMD0F EWPXM1MAC0F |
No |
|
Hardware series |
Model |
Product code |
Port isolation compatibility |
|
WX1800H series |
WX1804H-PWR WX1810H-PWR WX1820H WX1840H |
EWP-WX1804H-PWR EWP-WX1810H-PWR EWP-WX1820H EWP-WX1840H-GL |
No |
|
WX3800H series |
WX3820H WX3840H |
EWP-WX3820H-GL EWP-WX3840H-GL |
No |
|
WX5800H series |
WX5860H |
EWP-WX5860H-GL |
No |
Assigning a port to the isolation group
About this task
The device supports only one isolation group that is automatically created as isolation group 1. You cannot remove the isolation group or create other isolation groups on the device. The number of ports assigned to the isolation group is not limited.
Restrictions and guidelines
· The configuration in Layer 2 Ethernet interface view applies only to the interface.
· The configuration in Layer 2 aggregate interface view applies to the Layer 2 aggregate interface and its aggregation member ports. If the device fails to apply the configuration to the aggregate interface, it does not assign any aggregation member port to the isolation group. If the failure occurs on an aggregation member port, the device skips the port and continues to assign other aggregation member ports to the isolation group.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
3. Assign the port to the isolation group.
port-isolate enable
By default, the port is not in the isolation group.
Display and maintenance commands for port isolation
Execute display commands in any view.
|
Task |
Command |
|
Display port isolation group information. |
display port-isolate group |
Port isolation configuration example
Example: Configuring port isolation (for single-isolation group devices)
This example applies to devices that support only one isolation group.
Network requirements
As shown in Figure 1, AP 1, AP 2, and AP 3 are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 on the AC, respectively. The AC connects to the Internet through GigabitEthernet 1/0/4.
Configure the AC to provide Internet access for the APs, and isolate APs from one another.
Configuration procedure
# Assign ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to the isolation group.
<AC> system-view
[AC] interface gigabitethernet 1/0/1
[AC-GigabitEthernet1/0/1] port-isolate enable
[AC-GigabitEthernet1/0/1] quit
[AC] interface gigabitethernet 1/0/2
[AC-GigabitEthernet1/0/2] port-isolate enable
[AC-GigabitEthernet1/0/2] quit
[AC] interface gigabitethernet 1/0/3
[AC-GigabitEthernet1/0/3] port-isolate enable
[AC-GigabitEthernet1/0/3] quit
Verifying the configuration
# Display information about the isolation group.
[AC] display port-isolate group
Port isolation group information:
Group ID: 1
Group members:
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
The output shows that ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 are assigned to the isolation group. As a result, the APs are isolated from one another at Layer 2.
