H3C LS-3100-52P-OVS-H3 Operation Manual - Port Isolation Configuration
1-1
1
Port Isolation Configuration
When configuring port isolation, go to these sections for information you are interested in:
z
Introduction to Port Isolation
z
Configuring the Isolation Group for a Single-Isolation-Group Device
z
Displaying and Maintaining Isolation Groups
z
Port Isolation Configuration Example
Introduction to Port Isolation
Usually, Layer 2 traffic isolation is achieved by assigning ports to different VLANs. To save VLAN
resources, port isolation is introduced to isolate ports within a VLAN, allowing for great flexibility and
security.
Currently:
z
Some devices support only one isolation group that is created automatically by the system as
isolation group 1. These devices are referred to as single-isolation-group devices. You can neither
remove the isolation group nor create other isolation groups on such devices.
z
There is no restriction on the number of ports assigned to an isolation group.
Configuring the Isolation Group for a Single-Isolation-Group Device
Assigning a Port to the Isolation Group
Follow these steps to add a port to the isolation group:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Ethernet
interface view
interface interface-type
interface-number
Enter Layer-2
aggregate
interface view
interface
bridge-aggregation
interface-number
Enter
interface
view or,
port group
view
Enter port
group view
port-group manual
port-group-name
Required
Use one of the commands.
z
In Ethernet interface view, the
subsequent configurations apply to
the current port.
z
In Layer-2 aggregate interface view,
the subsequent configurations apply
to the Layer-2 aggregate interface
and all its member ports.
z
In port group view, the subsequent
configurations apply to all ports in the
port group.
Assign the port or ports to the
isolation group as an isolated
port or ports
port-isolate enable
Required
No ports are added to the isolation group
by default.