Configure Basic Functions of Port Isolation
The port isolation function realizes unidirectional packet isolation. Assuming that port B is configured as the isolated port of port A, then if a packet whose target port is port B enters port A, the port is directly discarded. However, if a packet whose target port is port B enters port B, the port is normally forwarded. The isolated port can be a port or an aggregation group.
Port isolation is configured based on the isolation group.
- The ports in one isolation group are isolated from each other.
The ports in the isolation group can be configured as ingress, egress, both mode, and the resolutions are as follows:
Table 2-2 Configuration mode forwarding table
|
Packet Ingress Port Mode
|
Packet Egress Port Mode
|
Forward Normally or Not
|
|
Ingress mode
|
ingress mode
|
Forward normally
|
|
ingress mode
|
egress mode
|
Forbid forwarding
|
|
ingress mode
|
both mode
|
Forbid forwarding
|
|
egress mode
|
ingress mode
|
Forward normally
|
|
egress mode
|
egress mode
|
Forward normally
|
|
egress mode
|
both mode
|
Forward normally
|
|
both mode
|
ingress mode
|
Forward normally
|
|
both mode
|
egress mode
|
Forbid forwarding
|
|
both mode
|
both mode
|
Forbid forwarding
|
- The ports in the isolation group communicate with the ports not added to the isolation group normally.
The ports of different isolation groups can communicate normally.
Configuration Condition
The isolation group is already created.
Configure Port Isolation
Table 2-3 Configuring Port Isolation
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode.
|
configure terminal
|
-
|
|
Enter the isolation group configuration mode
|
isolate group group-id
|
Mandatory
|
|
Add the port to the isolation group
|
interface link-aggregation link-aggregation-id [ ingress | egress | both ]
|
Mandatory
By default, the port is not added to the isolation group.
|
|
Add the aggregation group to the isolation group
|
link-aggregation link-aggregation-id [ ingress | egress | both ]
|
Mandatory
By default, the aggregation group is not added to the isolation group.
|
-
When adding one port to the isolation group, the isolation group needs to be created.
Switch
.png){kind=icon}
.png){kind=logo}
