Commands For Port Isolation Function

2.2 Commands for Port Isolation

2.2.1 isolate-port group

Command: isolate-port group <WORD>
???????????????????no isolate-port group <WORD>
Function: Set a port isolation group, which is the scope of isolating ports. The no command deletes a port isolation group and remove all ports from it.
Parameter:

  • <WORD>: name identification of the group. The valid length cannot be longer than 32 characters.

Command mode: Global Mode
Default: None.
Usage guide: Users can create different port isolation groups based on their requirements. For example, to isolate all downlink ports in a VLAN of a switch, create a port isolation group and add all downlink ports of the VLAN to it. A switch can have no more than 16 port isolation groups. To change or re-configure the port isolation group, delete the existing group with the no operation of this command.
Example: Create a port isolation group named ?test?.

active500EM>enable
active500EM#config
active500EM(config)#isolate-port group test

2.2.2 isolate-port group switchport interface

Command: isolate-port group <WORD> switchport interface [ethernet] <IFNAME>
???????????????????no isolate-port group <WORD> switchport interface [ethernet] <IFNAME>
Function: Add one port or a group of ports into a port isolation group such that it is isolated from the other ports in the group. The no command removes one port or a group of ports from the port isolation group, allowing them to communicate with ports in that group normally. If the ports removed from the group still belong to another port isolation group, they will remain isolated from the ports in that group. If an Ethernet port is a member of a convergence group, it should not be added into a port isolation group, and vice versa. A member of a port isolation group should not be added into an aggregation group. One port can be a member of one or more port isolation groups.
Parameters:

  • <WORD>: identification of the group. The valid length cannot be longer than 32 characters.
  • Ethernet: identifies the isolated ports as Ethernet followed by a list of Ethernet ports. Supports symbols like ?;? and ?-?. For example: ?ethernet 1/0/1;3;4-7;8?.
  • <IFNAME>: name of the interface, such as e1/0/1. If interface name is used, the ethernet parameter will not be required.

Command mode: Global Mode
Default: None.
Usage guide: Users can add Ethernet ports into or remove them from a port isolation group according to their requirements. When an Ethernet port is a member of more than one port isolate group, it will be isolated from every port of all groups it belongs to.
Example: Add Ethernet ports 1/0/1-2 and 1/0/5 into a port isolation group named ?test?.

active500EM(config)#isolate-port group test switchport interface ethernet 1/0/1-2;1/0/5

2.2.3 isolate-port apply

Command: isolate-port apply [<l2|l3|all>] Function: This command will apply the port isolation configuration to isolate layer-2 flows, layer-3 flows, or all flows.
Parameters:

  • <l2|l3|all>: flow to be isolated.
    • l2: isolating layer-2 flows.
    • l3: isolating layer-3 flows.
    • all: isolating all flows.

Command mode: Global Mode
Default: Isolate all flows.
Usage guide: User can apply the port isolation configuration to isolate layer-2 flows, layer-3 flows, or all flows according to their requirements.
Example: Only apply port isolation to layer-2 flows on the switch.

active500EM(config)#isolate-port apply l2

2.2.4 show isolate-port group

Command: show isolate-port group [<WORD>] Function: Display the configuration of port isolation, including all configured port isolation groups and Ethernet ports in each group.
Parameters:

  • <WORD>: name identification of the group. The valid length can be no longer than 32 characters.
  • no parameter: display the configuration of all port isolation groups.

Command mode: Admin Mode and Global Mode
Default: Display the configuration of all port isolation groups.
Usage guide: Users can view the configuration of port isolation with this command.
Example: Display the port isolation configuration of the port isolation group named ?test?.

active500EM(config)#show isolate-port group test
Isolate-port group test
The isolate-port Ethernet1/0/5
The isolate-port Ethernet1/0/2


Return to Controller Wired CLI Table of Contents