7.18. Configuring Port Isolate
Overview
Function Introduction
Port isolation is a security feature used to prevent direct L2/L3 communication among a set of ports.
It provides a safer and more flexible network solution by isolating ports that are in the same VLAN.
It is generally used on access devices for user isolation.
Principle Description
N/A
Configuration
The figure above is the basic topology for port-isolate.
Port 1 and port 8 are both in isolate group 1, so they are isolated from each other and port 1 cannot communicate with port 8. Port 9 is in a different isolate group, group 3, so it can communicate with both port 1 and port 8.
step 1 Enter the configure mode
Switch# configure terminal
step 2 Set the port isolate mode globally
The mode “l2” means only layer 2 packets are isolated. The mode “all” means all packets are isolated, including packets forwarded according to layer 3 routes.
Switch(config)# port-isolate mode l2
step 3 Enter the interface configure mode and set isolate group
Switch(config)# interface eth-0-1
Switch(config-if)# port-isolate group 1
Switch(config-if)# exit
Switch(config)# interface eth-0-8
Switch(config-if)# port-isolate group 1
Switch(config-if)# exit
Switch(config)# interface eth-0-9
Switch(config-if)# port-isolate group 3
Switch(config-if)# exit
step 4 Exit the configure mode
Switch(config)# end
step 5 Validation
Use the following command to display the port isolate groups:
Switch# show port-isolate
------------------------------------------------------
Port Isolate Groups:
------------------------------------------------------
Groups ID: 1
eth-0-1 eth-0-8
------------------------------------------------------
Groups ID: 3
eth-0-9
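The validation step can be automated when auditing many access switches. The following is an added example, not vendor code: it parses `show port-isolate` output in the format shown above and reports any port pair that policy requires to be isolated but that does not share an isolate group. The function names and the policy list are hypothetical, and the check covers group membership only, not the global `port-isolate mode` setting.

```python
import re
from itertools import combinations

# Constructed sample: the "show port-isolate" output from the validation step.
SAMPLE = """\
------------------------------------------------------
Port Isolate Groups:
------------------------------------------------------
Groups ID: 1
eth-0-1 eth-0-8
------------------------------------------------------
Groups ID: 3
eth-0-9
"""

def parse_groups(text):
    """Return {group_id: set(ports)} parsed from 'show port-isolate' output."""
    groups, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Groups? ID:\s*(\d+)$", line)
        if m:
            current = int(m.group(1))
            groups.setdefault(current, set())
        elif current is not None and line and not line.startswith("-"):
            # Member lines may wrap, so keep adding until the next group header.
            groups[current].update(line.split())
    return groups

def isolated_pairs(groups):
    """Ports that share an isolate group are isolated from each other."""
    pairs = set()
    for ports in groups.values():
        pairs.update(frozenset(p) for p in combinations(sorted(ports), 2))
    return pairs

def audit(groups, must_isolate):
    """Return the required-isolated pairs that the switch does NOT isolate."""
    have = isolated_pairs(groups)
    return [pair for pair in must_isolate if frozenset(pair) not in have]

if __name__ == "__main__":
    g = parse_groups(SAMPLE)
    # Hypothetical policy: both pairs are expected to be isolated.
    policy = [("eth-0-1", "eth-0-8"), ("eth-0-1", "eth-0-9")]
    for a, b in audit(g, policy):
        print(f"NOT isolated: {a} <-> {b}")
```

With the sample output, the pair eth-0-1/eth-0-9 is reported because the two ports are in different groups (1 and 3) and can therefore communicate.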
Application cases
N/A