15 port isolation configuration, Introduction to port isolation, Configuring an isolation group – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 124: Adding a port to an isolation group, 1 configuring an isolation group, Port isolation configuration
15-1
15
Port Isolation Configuration
When configuring port isolation, go to these sections for information you are interested in:
z
Introduction to Port Isolation
z
Configuring an Isolation Group
z
Port Isolation Configuration Example
Introduction to Port Isolation
To implement Layer 2 isolation, you can add different ports to different VLANs. However, this will waste
the limited VLAN resource. With port isolation, the ports can be isolated within the same VLAN. Thus,
you need only to add the ports to the isolation group to implement Layer 2 and Layer 3 isolation. This
provides you with more secure and flexible networking schemes.
On the current device:
z
A device supports only one isolation group that is created automatically by the system as Isolation
Group 1. The user can neither delete the isolation group nor create other isolation groups.
z
There is no restriction on the number of ports to be added to an isolation group.
z
A port inside an isolation group and a port outside the isolation group can communicate with each
other at Layer 2 and Layer 3. Ports of the isolation group cannot communicate with each other.
Configuring an Isolation Group
Adding a Port to an Isolation Group
Follow these steps to add a port to an isolation group:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter
Ethernet
port view
interface interface-type
interface-number
Enter
Ethernet
port view or
port group
view
Enter port
group view
port-group
{ manual
port-group-name
| aggregation
agg-id
}
Use either command.
Configured in Ethernet port view, the setting
is effective on the current port only;
configured in port group view, the setting is
effective on all ports in the port group.
Add a port to an isolation
group as an ordinary port
port-isolate enable group
group-number
Required
No ports are added to the isolation group by
default.