Configuring port isolation
Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You
can also use this feature to isolate the hosts in a VLAN from one another.
To use the feature, assign ports to a port isolation group. Ports in an isolation group are called
"isolated ports." One isolated port cannot forward Layer 2 traffic to any other isolated port on the
same switch, even if they are in the same VLAN. An isolated port can communicate with any port
outside the isolation group if they are in the same VLAN.
The switch series supports only one isolation group, "isolation group 1." The isolation group is
automatically created and cannot be deleted. There is no limit on the number of member ports.
Assigning a port to the isolation group
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter interface view or port group view.
  Command:
  • Enter Ethernet interface view:
    interface interface-type interface-number
  • Enter Layer 2 aggregate interface view:
    interface bridge-aggregation interface-number
  • Enter port group view:
    port-group manual port-group-name
  Remarks: Use one of the commands.
  • In Ethernet interface view, the subsequent configurations apply to the current port.
  • In Layer 2 aggregate interface view, the subsequent configurations apply to the Layer 2 aggregate interface and all its member ports.
  • In port group view, the subsequent configurations apply to all ports in the port group.

Step 3. Assign the port or ports to the isolation group as an isolated port or ports.
  Command: port-isolate enable
  Remarks: No ports are added to the isolation group by default.
Displaying and maintaining the isolation group
Task: Display isolation group information.
  Command: display port-isolate group [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view
Port isolation configuration example
Network requirements
As shown in Figure 12, Host A, Host B, and Host C are connected to Ethernet 1/0/1, Ethernet 1/0/2,
and Ethernet 1/0/3 of Device, and Device is connected to the Internet through Ethernet 1/0/4. All
these ports are in the same VLAN.
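An added example, not part of the original guide: a Python audit that applies the isolation rule described above (same VLAN, and not both ports isolated) to the port layout in these requirements and reports host-facing ports that can still exchange Layer 2 traffic. The configuration text is a constructed sample in which Ethernet1/0/3 was deliberately left out of the isolation group; the stanza layout, the handling of "port access vlan" lines, and all function names are assumptions of this example.

```python
import re

# Constructed sample (not from the guide): Ethernet1/0/3 is missing
# "port-isolate enable"; Ethernet1/0/4 is the uplink. All ports in VLAN 1.
SAMPLE_CONFIG = """\
interface Ethernet1/0/1
 port-isolate enable
#
interface Ethernet1/0/2
 port-isolate enable
#
interface Ethernet1/0/3
#
interface Ethernet1/0/4
#
"""

def parse_ports(config):
    """Return {port: {"isolated": bool, "vlan": int}} from interface stanzas."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), {"isolated": False, "vlan": 1})
        elif current is not None:
            text = line.strip()
            if text == "port-isolate enable":
                current["isolated"] = True
            elif text == "#":  # end of the interface stanza
                current = None
            elif (v := re.fullmatch(r"port access vlan (\d+)", text)):
                current["vlan"] = int(v.group(1))
    return ports

def can_forward(ports, src, dst):
    """Layer 2 forwarding rule: same VLAN, and not both ports isolated."""
    a, b = ports[src], ports[dst]
    return src != dst and a["vlan"] == b["vlan"] and not (a["isolated"] and b["isolated"])

def audit(ports, host_ports):
    """Return sorted host-port pairs that can still exchange Layer 2 traffic."""
    hosts = sorted(host_ports)
    return [(p, q) for i, p in enumerate(hosts) for q in hosts[i + 1:]
            if can_forward(ports, p, q)]

if __name__ == "__main__":
    hosts = ["Ethernet1/0/1", "Ethernet1/0/2", "Ethernet1/0/3"]
    for pair in audit(parse_ports(SAMPLE_CONFIG), hosts):
        print("NOT isolated from each other:", *pair)
```

An empty result from audit() means every pair of host ports is blocked from each other, while can_forward() toward the uplink port still returns True as long as the uplink stays outside the isolation group.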