17 PORT ISOLATION CONFIGURATION
When configuring port isolation, go to these sections for the information you are 
interested in:
■ “Introduction to Port Isolation”
■ “Configuring an Isolation Group”
■ “Displaying Isolation Groups”
■ “Port Isolation Configuration Example”
Introduction to Port Isolation
To implement Layer 2 isolation, you can add different ports to different VLANs. 
However, this wastes limited VLAN resources. With port isolation, ports can be 
isolated from each other within the same VLAN. Thus, you only need to add the 
ports to the isolation group to implement Layer 2 and Layer 3 isolation. This 
provides you with more secure and flexible networking schemes.
On the current device:
■ A device supports only one isolation group that is created automatically by the 
system as Isolation Group 1. The user can neither delete the isolation group nor 
create other isolation groups.
■ There is no restriction on the number of ports to be added to an isolation 
group.
■ A port inside an isolation group and a port outside the isolation group can 
communicate with each other at Layer 2 and Layer 3. Ports of the isolation 
group cannot communicate with each other.
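
The rule in the list above can be checked against a port inventory to find host ports that were left outside the isolation group and can still be reached directly by their neighbors. The following is an added example, not part of the original manual; the port names, the "host"/"uplink" roles and the inventory are constructed, and the model is simplified to Layer 2 reachability within a VLAN.

```python
from itertools import combinations

# Constructed sample inventory: port -> (VLAN, in isolation group?, role)
PORTS = {
    "Ethernet1/0/1": (10, True, "host"),
    "Ethernet1/0/2": (10, True, "host"),
    "Ethernet1/0/3": (10, False, "host"),    # forgotten: left outside the group
    "Ethernet1/0/4": (10, False, "uplink"),  # outside the group so hosts can reach it
    "Ethernet1/0/5": (20, True, "host"),
}

def can_talk_l2(a, b, ports=PORTS):
    """Same VLAN, and not both ports inside the isolation group."""
    vlan_a, iso_a, _ = ports[a]
    vlan_b, iso_b, _ = ports[b]
    if vlan_a != vlan_b:
        return False  # different VLANs do not share a Layer 2 domain
    return not (iso_a and iso_b)

def exposed_host_pairs(ports=PORTS):
    """Host-to-host pairs that can still exchange frames directly."""
    hosts = sorted(p for p, (_, _, role) in ports.items() if role == "host")
    return [(a, b) for a, b in combinations(hosts, 2) if can_talk_l2(a, b, ports)]

def unisolated_hosts(ports=PORTS):
    """Host ports that are not members of the isolation group."""
    return sorted(p for p, (_, iso, role) in ports.items()
                  if role == "host" and not iso)

def isolated_uplinks(ports=PORTS):
    """Uplinks inside the group would be unreachable from every isolated host."""
    return sorted(p for p, (_, iso, role) in ports.items()
                  if role == "uplink" and iso)

if __name__ == "__main__":
    for a, b in exposed_host_pairs():
        print(f"lateral path: {a} <-> {b}")
    print("hosts outside isolation group:", unisolated_hosts())
    print("uplinks inside isolation group:", isolated_uplinks())
```
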
Configuring an Isolation Group
Adding a Port to an Isolation Group
Follow these steps to add a port to an isolation group:
To do…                        Use the command…                                            Remarks
Enter system view             system-view                                                 -
Enter Ethernet port view or port group view:
  Enter Ethernet port view    interface interface-type interface-number
  Enter port group view       port-group { manual port-group-name | aggregation agg-id }
Remarks (both rows): Use either command. Configured in Ethernet port view, the 
setting is effective on the current port only; configured in port group view, 
the setting is effective on all ports in the port group.