Login
- Table of Contents
-
- 03-Layer 2—LAN Switching Command Reference
- 00-Preface
- 01-Ethernet interface commands
- 02-Loopback, null, and inloopback interface commands
- 03-Bulk interface commands
- 04-MAC address table commands
- 05-Ethernet link aggregation commands
- 06-DRNI commands
- 07-Port isolation commands
- 08-VLAN commands
- 09-MVRP commands
- 10-QinQ commands
- 11-VLAN mapping commands
- 12-Loop detection commands
- 13-Spanning tree commands
- 14-LLDP commands
- 15-L2PT commands
- 16-PPP commands
- 17-Service loopback group commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-Port isolation commands | 54.07 KB |
Port isolation commands
community-vlan vlan
Use community-vlan vlan to configure community VLANs in an isolation group.
Use undo community-vlan to restore the default.
Syntax
community-vlan vlan { vlan-id-list | all }
undo community-vlan
Default
An isolation group does not have any community VLANs.
Views
Isolation group view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the format of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The ID for vlan-id2 must be equal to or greater than the ID for vlan-id1.
all: Specifies all VLANs in the isolation group.
Usage guidelines
To modify the community VLANs for an isolation group, execute the undo community-vlan vlan command to remove the existing community VLANs, and then execute the community-vlan vlan command.
Examples
# Configure VLAN 3 as a community VLAN in isolation group 1.
<Sysname> system-view
[Sysname] port-isolate group 1
[Sysname-port-isolate-group1] community-vlan vlan 3
Related commands
display port-isolate group
display port-isolate group
Use display port-isolate group to display port isolation group information.
Syntax
display port-isolate group [ group-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-id: Specifies an isolation group by its ID. The value range is 1 to 8.
Examples
# Display all isolation groups.
<Sysname> display port-isolate group
Port isolation group information:
Group ID: 1
Group members:
Ten-GigabitEthernet1/0/1
Community VLAN ID: None
Group ID: 5
Group members:
Ten-GigabitEthernet1/0/2 Ten-GigabitEthernet1/0/4
Community VLAN ID: None
# Display information about isolation group 1.
<Sysname> display port-isolate group 1
Port isolation group information:
Group ID: 1
Group members:
Ten-GigabitEthernet1/0/1
Community VLAN ID: None
Table 1 Command output
|
Field |
Description |
|
Group ID |
ID of the isolation group. |
|
Group members |
Isolated ports in the isolation group. No ports indicates that the isolation group does not contain isolated ports. |
|
Community VLAN ID |
IDs of the community VLANs in the isolation group. The (default) attribute indicates that the VLAN is the default VLAN. None indicates that the isolation group does not contain community VLANs. |
Related commands
port-isolate enable
port-isolate enable
Use port-isolate enable to assign a port to an isolation group.
Use undo port-isolate enable to remove a port from an isolation group.
Syntax
port-isolate enable group group-id
undo port-isolate enable
Default
The port is not assigned to an isolation group.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
group group-id: Specifies an isolation group by its ID. The value range is 1 to 8.
Usage guidelines
The configuration in Layer 2 Ethernet interface view applies only to the interface.
The configuration in Layer 2 aggregate interface view applies to the Layer 2 aggregate interface and its aggregation member ports. If the device fails to apply the configuration to the aggregate interface, it does not assign any aggregation member port to the isolation group. If the failure occurs on an aggregation member port, the device skips the port and continues to assign other aggregation member ports to the isolation group.
To assign ports to an isolation group, make sure the isolation group already exists.
One port can be assigned to only one isolation group.
Examples
# Assign Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 to isolation group 1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port-isolate enable group 1
[Sysname-Ten-GigabitEthernet1/0/1] quit
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] port-isolate enable group 1
Related commands
display port-isolate group
port-isolate group
Use port-isolate group to create an isolation group.
Use undo port-isolate group to delete isolation groups.
Syntax
port-isolate group group-id
undo port-isolate group { group-id | all }
Default
No isolation groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies an isolation group by its ID. The value range is 1 to 8.
all: Deletes all isolation groups.
Examples
# Create isolation group 1.
<Sysname> system-view
[Sysname] port-isolate group 1
