Port isolation configuration, Introduction to port isolation, Assigning a port to the isolation group – H3C Technologies H3C S10500 Series Switches User Manual
Page 69: Displaying and maintaining isolation groups
58
Port isolation configuration
Introduction to port isolation
Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can
also use this feature to isolate the hosts in a VLAN from one another.
To use the feature, you assign ports to a port isolation group. Ports in an isolation group are called
“isolated ports.” One isolated port cannot forward Layer 2 traffic to any other isolated port on the same
switch, even if they are in the same VLAN. Still, an isolated port can communicate with any port outside
the isolation group if they are in the same VLAN.
The switch series supports only one isolation group: “isolation group 1.” This isolation group is
automatically created and cannot be deleted. There is no limit on the number of member ports.
Assigning a port to the isolation group
Follow these steps to add a port to the isolation group:
To do…
Use the command… Remarks
Enter system view
system-view
—
Enter Ethernet
interface view
interface
interface-type
interface-number
Enter Layer 2
aggregate
interface view
interface
bridge-aggregation
interface-number
Enter
interface
view or, port
group view
Enter port group
view
port-group manual
port-group-name
Required
Use one of the commands.
•
In Ethernet interface view, the subsequent
configurations apply to the current port.
•
In Layer 2 aggregate interface view, the
subsequent configurations apply to the
Layer 2 aggregate interface and all its
member ports.
•
In port group view, the subsequent
configurations apply to all ports in the port
group.
Assign the port or ports to the
isolation group as an isolated port
or ports
port-isolate enable
Required
No ports are added to the isolation group by
default.
Displaying and maintaining isolation groups
To do…
Use the command…
Remarks
Display isolation group
information
display port-isolate group [ | { begin |
exclude | include } regular-expression ]
Available in any view