158 CHAPTER 17: PORT ISOLATION CONFIGURATION
Displaying Isolation
Groups
Port Isolation
Configuration
Example
Networking Requirement
■ Users Host A, Host B, and Host C are connected to GigabitEthernet1/0/1,
GigabitEthernet1/0/2, and GigabitEthernet1/0/3 of Device.
■ Device is connected to an external network through Ethernet 2/0/4.
■ GigabitEthernet1/0/1, GigabitEthernet1/0/2, GigabitEthernet1/0/3, and
Ethernet 2/0/4 belong to the same VLAN. It is desired that Host A, Host B, and
Host C cannot communicate with each other at Layer 2/Layer 3, but can access
the external network.
Networking diagram
Figure 44 Network diagram for port isolation configuration
Configuration procedure
# Add ports GigabitEthernet1/0/1, GigabitEthernet1/0/2 and GigabitEthernet1/0/3
to the isolation group.
<Device> system-view
[Device] interface GigabitEthernet1/0/1
[Device-GigabitEthernet1/0/1] port-isolate enable
[Device-GigabitEthernet1/0/1] quit
[Device] interface GigabitEthernet1/0/2
[Device-GigabitEthernet1/0/2] port-isolate enable
[Device-GigabitEthernet1/0/2] quit
Add a port to an
isolation group as an
ordinary port
port-isolate enable group
group-number
Required
No ports are added to the isolation
group by default.
To do… Use the command… Remarks
To do… Use the command… Remarks
Display an isolation group and
its information
display port-isolate group Available in any view
Internet
Host A Host B Host C
GE1/0/2
GE1 /0/ 1 GE 1/0 /3
GE1/0/4
Device
To Next Page
Loading...
