Configuring port isolation
The port isolation feature is supported on SAP cards that are operating in bridge mode.
Overview
Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can
also use this feature to isolate the hosts in a VLAN from one another.
The device supports only one isolation group, which the system creates automatically as isolation
group 1. You can neither remove this isolation group nor create other isolation groups.
Assigning ports to the isolation group
Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Enter interface view or port group view.
Command:
• Enter Layer 2 Ethernet interface view:
interface interface-type interface-number
• Enter Layer 2 aggregate interface view:
interface bridge-aggregation interface-number
• Enter port group view:
port-group manual port-group-name
Remarks: Use one of the commands.
• In Layer 2 Ethernet interface view, the configurations apply only to the port.
• In Layer 2 aggregate interface view, the configurations apply to the Layer 2 aggregate interface and all its member ports.
• In port group view, the configurations apply to all ports in the port group.

Step 3. Assign ports to the isolation group.
Command: port-isolate enable
Remarks: No ports are assigned to the isolation group by default.

After you configure a command on a Layer 2 aggregate interface, the system starts applying the
configuration to the aggregate interface and its aggregation member ports. If the system fails to do that
on the aggregate interface, it stops applying the configuration to the aggregation member ports. If it fails
to do that on an aggregation member port, it simply skips the port and moves to the next port.
Displaying and maintaining the isolation group
Task: Display isolation group information.
Command: display port-isolate group [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
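
An offline check for the skipped-member-port case described above, as an added example that is not part of the original guide: it parses a constructed configuration and reports aggregation member ports that lack port-isolate enable although their aggregate interface has it. The configuration layout, the interface names and the member-port line "port link-aggregation group" are assumptions, not taken from this page.

```python
import re

# Constructed sample; assumed layout: "interface <name>" opens a block, "#" closes it.
SAMPLE_CONFIG = """\
#
interface Bridge-Aggregation1
 port-isolate enable
#
interface GigabitEthernet1/0/1
 port link-aggregation group 1
 port-isolate enable
#
interface GigabitEthernet1/0/2
 port link-aggregation group 1
#
interface GigabitEthernet1/0/3
 port-isolate enable
#
"""

def parse_interfaces(text):
    """Return {interface name: [setting lines]} from the configuration text."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif not raw.startswith(" "):
            current = None          # "#" or any top-level line closes the block
        elif current is not None and line:
            current.append(line)
    return interfaces

def audit_isolation(text):
    """Return (isolated ports, member ports skipped by their aggregate's setting)."""
    interfaces = parse_interfaces(text)
    isolated = sorted(n for n, cfg in interfaces.items() if "port-isolate enable" in cfg)
    # Aggregation group numbers whose aggregate interface is in the isolation group.
    groups = {m.group(1) for n in isolated if (m := re.fullmatch(r"Bridge-Aggregation(\d+)", n))}
    skipped = []
    for name, cfg in interfaces.items():
        for line in cfg:
            m = re.fullmatch(r"port link-aggregation group (\d+)", line)
            if m and m.group(1) in groups and name not in isolated:
                skipped.append(name)
    return isolated, sorted(skipped)

if __name__ == "__main__":
    print(audit_isolation(SAMPLE_CONFIG))
```

A port listed in the second element is outside the isolation group even though its aggregate interface is in it, so compare the result with what display port-isolate group reports on the device.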