< Home

port-isolate enable

Function

The port-isolate enable command enables port isolation.

The undo port-isolate enable command disables port isolation.

By default, port isolation is disabled.

Format

port-isolate enable [ group group-id ]

undo port-isolate enable [ group group-id ]

Parameters

Parameter

Description

Value

group group-id

Specifies the ID of a port isolation group.

The value is an integer that ranges from 1 to 64.

Views

Ethernet interface view, GE interface view, XGE interface view, MultiGE interface view, 100GE interface view, 25GE interface view, 40GE interface view, port group view, Eth-Trunk interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To implement Layer 2 isolation between interfaces, add different interfaces to different VLANs. This, however, wastes VLAN resources. To save VLAN resources, enable port isolation to isolate interfaces in a VLAN. That is, you can add interfaces to a port isolation group to implement Layer 2 isolation between these interfaces. Port isolation provides secure and flexible networking schemes for customers.

Precautions

  • After port isolation is configured, ports are isolated at Layer 2 but can communicate at Layer 3 by default. To configure both Layer 2 isolation and Layer 3 isolation, run the port-isolate mode all command.

  • Interfaces in a port isolation group are isolated from each other, but interfaces in different port isolation groups can communicate. If group-id is not specified, interfaces are added to port isolation group 1 by default.

Example

# Enable port isolation on GE0/0/1.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-isolate enable group 1
Parent Topic: Ethernet Interface Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >