Configuring port isolation
Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can
also use this feature to isolate the hosts in a VLAN from one another.
To use the feature, assign ports to a port isolation group. Ports in an isolation group are called "isolated
ports." One isolated port cannot forward Layer 2 traffic to any other isolated port on the same switch,
even if they are in the same VLAN. An isolated port can communicate with any port outside the isolation
group if they are in the same VLAN.
The switch series supports only one isolation group "isolation group 1." The isolation group is
automatically created and cannot be deleted. There is no limit on the number of member ports.
Assigning a port to the isolation group
Step
1.
Enter system view.
2.
Enter interface view or port
group view.
3.
Assign the port or ports to the
isolation group as an isolated
port or ports.
Displaying and maintaining the isolation group
Task
Display isolation group
information.
Command
system-view
•
Enter Ethernet interface view:
interface interface-type
interface-number
•
Enter Layer 2 aggregate
interface view:
interface bridge-aggregation
interface-number
•
Enter port group view:
port-group manual
port-group-name
port-isolate enable
Command
display port-isolate group [ | { begin |
exclude | include } regular-expression ]
55
Remarks
N/A
Use one of the commands.
•
In Ethernet interface view, the
subsequent configurations
apply to the current port.
•
In Layer 2 aggregate interface
view, the subsequent
configurations apply to the
Layer 2 aggregate interface
and all its member ports.
•
In port group view, the
subsequent configurations
apply to all ports in the port
group.
No ports are added to the isolation
group by default.
Remarks
Available in any view