Configuring port isolation, Assigning a port to an isolation group, Displaying and maintaining port isolation – H3C Technologies H3C S5560 Series Switches User Manual

57

Configuring port isolation

The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs.
Ports in an isolation group cannot communicate with each other. However, they can communicate with

ports outside the isolation group.

Assigning a port to an isolation group

The device supports multiple isolation groups, which can be configured manually. The number of ports

assigned to an isolation group is not limited.
To assign a port to an isolation group:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an isolation
group.

port-isolate group group-number

By default, no isolation group exists.

3.

Enter interface view.

•

Enter Layer 2 Ethernet

interface view:

interface interface-type
interface-number

•

Enter Layer 2 aggregate

interface view:
interface bridge-aggregation

interface-number

•

The configuration in Layer 2 Ethernet

interface view applies only to the
interface.

•

The configuration in Layer 2 aggregate

interface view applies to the Layer 2
aggregate interface and its

aggregation member ports. If the

device fails to apply the configuration
to the aggregate interface, it does not

assign any aggregation member port

to the isolation group. If the failure
occurs on an aggregation member

port, the device skips the port and

continues to assign other aggregation
member ports to the isolation group.

4.

Assign the port to the
specified isolation

group.

port-isolate enable group
group-number

By default, the port is not in any isolation
group.
You can assign a port to at most one
isolation group. If you execute the

port-isolate enable group command

multiple times, the most recent
configuration takes effect.

Displaying and maintaining port isolation

Execute display commands in any view.