Network requirements, Configuration procedure, Verifying the configuration – H3C Technologies H3C S12500 Series Switches User Manual
Page 147
134
Port isolation without community VLAN configuration example
Network requirements
As shown in
, the switch provides access to the Internet through GigabitEthernet 4/0/1. Ports
GigabitEthernet 4/0/1 through GigabitEthernet 4/0/4 belong to VLAN 2.
Configure port isolation, so the switch prevents Host A, Host B, and Host C from communicating with one
another at Layer 2, but allows them to access the Internet.
Figure 41 Network diagram
Configuration procedure
# Create VLAN 2 and assign ports to the VLAN.
<Switch> system-view
[Switch] vlan 2
[Switch-vlan2] port gigabitethernet 4/0/1 to gigabitethernet 4/0/4
[Switch-vlan2] quit
# Create isolation group 2.
[Switch] port-isolate group 2
# Assign ports GigabitEthernet 4/0/2, GigabitEthernet 4/0/3, and GigabitEthernet 4/0/4 to isolation
group 2 as isolated ports.
[Switch] interface gigabitethernet 4/0/2
[Switch-GigabitEthernet4/0/2] port-isolate enable group 2
[Switch-GigabitEthernet4/0/2] quit
[Switch] interface gigabitethernet 4/0/3
[Switch-GigabitEthernet4/0/3] port-isolate enable group 2
[Switch-GigabitEthernet4/0/3] quit
[Switch] interface gigabitethernet 4/0/4
[Switch-GigabitEthernet4/0/4] port-isolate enable group 2
[Switch-GigabitEthernet4/0/4] quit
Verifying the configuration
# Display information about isolation group 2.
[Switch] display port-isolate group 2