am isolate

Function

The am isolate command isolates the current interface from a specified interface unidirectionally.

The undo am isolate command cancels unidirectional isolation between the current interface and a specified interface. If no interface is specified, unidirectional isolation between the current interface and all the other interfaces is canceled.

By default, no unidirectional isolation is configured between the current interface and a specified interface.

Format

am isolate { interface-type interface-number }&<1-8>

undo am isolate [ interface-type interface-number ]&<1-8>

am isolate interface-type interface-number1 [ to interface-number2 ]

undo am isolate [ interface-type interface-number1 [ to interface-number2 ] ]

Parameters

Parameter	Description	Value
interface-type interface-number	Specifies the type and number of the interface from which the current interface is isolated unidirectionally. interface-type specifies the type of the interface. interface-number specifies the number of the interface.	-
interface-type interface-number1 [ to interface-number2 ]	Specifies the type and number of the interface from which the current interface is isolated unidirectionally. to specifies an interface range, indicating all the interfaces numbered between interface-number1 and interface-number2.	interface-number2 must be greater than interface-number1.

Parameter

Description

Value

interface-type interface-number

Specifies the type and number of the interface from which the current interface is isolated unidirectionally.

interface-type specifies the type of the interface.
interface-number specifies the number of the interface.

interface-type interface-number1 [ to interface-number2 ]

Specifies the type and number of the interface from which the current interface is isolated unidirectionally.

to specifies an interface range, indicating all the interfaces numbered between interface-number1 and interface-number2.

interface-number2 must be greater than interface-number1.

Views

Ethernet interface view, GE interface view, XGE interface view, MultiGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The am isolate command isolates interfaces unidirectionally. For example, if interface A is isolated from interface B unidirectionally, packets sent from interface A cannot reach interface B, but packets sent from interface B can reach interface A. Unidirectional isolation needs to be configured in the following scenarios:

When multiple hosts connect to different interfaces of a device and a host sends many broadcast packets to the other hosts, isolate the interface connected to the host from other interfaces unidirectionally. Then the other hosts do not receive packets from the host.
Interfaces in a port isolation group are isolated from each other, but interfaces in different port isolation groups can communicate. To isolate interfaces in different port isolation groups, configure unidirectional isolation between these interfaces.

By default, only Layer 2 packets of the current interface are isolated from a specified interface, but Layer 3 packets are not isolated. To isolate both Layer 2 and Layer 3 packets on interfaces unidirectionally, run the port-isolate mode all command.

Precautions

An interface can be unidirectionally isolated from another type of interface. However, an interface cannot be unidirectionally isolated from itself or from the management interface. In addition, an Eth-Trunk cannot be unidirectionally isolated from its member interfaces.

An interface can be isolated from a maximum of 128 interfaces unidirectionally.

Example

# Isolate GE0/0/1 from GE0/0/2 unidirectionally.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] am isolate gigabitethernet 0/0/2