Port isolation configuration
Introduction to port isolation
Assigning access ports to different VLANs is a typical way to isolate Layer 2 traffic for data privacy and
security, but this approach is demanding on VLAN resources. To isolate Layer 2 traffic without using
VLANs, HP introduced the port isolation feature.
To use the feature, you assign ports to a port isolation group. Ports in an isolation group are called
"isolated ports." An isolated port does not forward any Layer 2 traffic to any other isolated port on the
same switch, even if they are in the same VLAN. Still, an isolated port can communicate with any other
port outside the isolation group, provided that they are in the same VLAN.
The A3100 v2 switch series support one isolation group called "isolation group 1." This isolation group
is automatically created and cannot be deleted. There is no limit on the number of member ports.
Configuring the isolation group
Follow these steps to assign a port to the isolation group:
Enter system view
view or port
Assign the port or ports to
the isolation group
If the switch fails to apply the port-isolate enable command to a Layer 2 aggregate interface, it does not
assign any member port of the aggregate interface to the isolation group. If the failure occurs on a
member port, the switch can still assign other member ports to the isolation group.
Use the command...
Use one of the commands, as follows:
To assign an Ethernet port to the isolation
group, enter Ethernet interface view.
To assign a Layer 2 aggregate interface to
the isolation group, enter Layer 2
aggregate interface view. The subsequent
configuration applies to both the Layer 2
aggregate interface and all its member
To assign multiple Ethernet ports to the
isolation group in bulk, enter port group
The isolation group does not contain any
ports by default.