Manualshelf

3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module
171172173174175176177178179180
17
PORT ISOLATION CONFIGURATION
When configuring port isolation, go to these sections for information you are
interested in:
“Introduction to Port Isolation” on page 177
“Configuring Isolation Groups on a Device” on page 178
“Displaying Isolation Groups” on page 179
“Port Isolation Configuration Example” on page 179
Introduction to Port
Isolation
To implement Layer 2 isolation, you can add different ports to different VLANs.
However, this will waste the limited VLAN resource. With port isolation, the ports
can be isolated within the same VLAN. Thus, you need only to add the ports to the
isolation group to implement Layer 2 isolation. This provides you with more secure
and flexible networking schemes.
To enable the interconnection between an isolation group and Layer 2 outside the
isolation group, you must configure an uplink port for the isolation group. The last
configuration will overwrite the previous configurations if you configure different
ports as the uplink port.
Layer 2 traffic can pass from the ports in the isolation group to the uplink port.
To enable the Layer 2 traffic to pass from the uplink port to the port in a certain
isolation group, you must configure these two ports to be in the same VLAN.
At present, for the Switch 8800 Families:
A maximum of 64 isolation groups can be configured.
There is no restriction on the number of ports to be added to an isolation
group.
n
When a port in the summary group is configured as the ordinary port for some
isolation group, the other ports of the summary group can be added to the
isolation group as ordinary ports but cannot be configured as uplink ports.
When a port in the summary group is configured as the uplink port for some
isolation group, the other ports of the summary group cannot be added to the
isolation group and the other ports of the device cannot be added to the
summary group.
The port isolation feature only isolates Layer 2 data instead of Layer 3 data.
Port isolation is independent of the VLAN the port belongs to. For ports belonging
to different VLANs, Layer 2 data can pass only from the ordinary port to the uplink
port in the same isolation group unidirectionally. Within the same VLAN, there are