Chapter 26 Port Isolation Commands
Port Isolation restricts traffic flow to improve network security by preventing a port
from forwarding packets to ports that are not on its forward port list.
26.1  port isolation   
Description 
The port isolation command configures the forward port/port channel list
of a port/port channel, so that the port/port channel can communicate only
with the ports/port channels on its list. To delete the corresponding
configuration, use the no port isolation command.
Syntax 
port isolation { [ gi-forward-list gi-forward-list ] [ po-forward-list po-forward-list ] }
no port isolation 
Parameter 
gi-forward-list 
—— The list of Ethernet ports. 
po-forward-list
—— The list of port channels. 
Command Mode 
Interface Configuration Mode (interface gigabitEthernet / interface range 
gigabitEthernet) 
Privilege Requirement 
Only Admin and Operator level users have access to these commands. 
Example 
Add ports 1, 2, 4 and port channel 2 to the forward list of port 1/0/5:
T2500G-10TS(config)# interface gigabitEthernet 1/0/5 
T2500G-10TS(config-if)# port isolation gi-forward-list 1/0/1-2,1/0/4 po-forward-list 2
Add all Ethernet ports and port channels to the forward list of port 1/0/2, that is,
restore the default setting:
T2500G-10TS(config)# interface gigabitEthernet 1/0/2 
T2500G-10TS(config-if)# no port isolation 
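Because the forward list is set per port, isolation can end up one-way: a port restricted to a short list may still receive traffic from ports left at the default. The following added example (not part of the original manual) expands gi-forward-list values and reports such one-way pairs. The sample configuration text, its layout, the five-port subset and all function names are assumptions made for illustration; port channel lists are parsed but not audited.

```python
import re

# Constructed sample in the style of the commands above (assumed config layout).
SAMPLE = """\
interface gigabitEthernet 1/0/5
 port isolation gi-forward-list 1/0/1-2,1/0/4 po-forward-list 2
interface gigabitEthernet 1/0/1
 port isolation gi-forward-list 1/0/5
"""
ALL_PORTS = {f"1/0/{n}" for n in range(1, 6)}  # assumed 5-port subset for brevity

def expand_ports(spec):
    """Expand a gi-forward-list such as '1/0/1-2,1/0/4' into a set of port names."""
    ports = set()
    for item in spec.split(","):
        m = re.fullmatch(r"(\d+/\d+/)(\d+)(?:-(\d+))?", item.strip())
        if not m:
            raise ValueError(f"bad port item: {item!r}")
        lo, hi = int(m.group(2)), int(m.group(3) or m.group(2))
        ports.update(f"{m.group(1)}{n}" for n in range(lo, hi + 1))
    return ports

def parse_isolation(config):
    """Map each configured interface to the Ethernet ports on its forward list."""
    forward, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"interface gigabitEthernet (\S+)$", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"port isolation\s+(?:gi-forward-list\s+(\S+))?\s*"
                     r"(?:po-forward-list\s+(\S+))?$", line)
        if m and current:
            forward[current] = expand_ports(m.group(1)) if m.group(1) else set()
    return forward

def one_way_pairs(forward, all_ports):
    """Return (a, b) pairs where a may forward to b but b may not forward to a."""
    def allowed(port):
        # A port with no port isolation line keeps the default: every port.
        return forward.get(port, all_ports)
    return sorted((a, b) for a in all_ports for b in allowed(a)
                  if b in all_ports and a != b and a not in allowed(b))

if __name__ == "__main__":
    for a, b in one_way_pairs(parse_isolation(SAMPLE), ALL_PORTS):
        print(f"{a} can forward to {b}, but {b} cannot forward to {a}")
```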