Norsk Forum

Reply
Aruba Employee
Posts: 15
Registered: ‎11-10-2015

Port isolation for Comware 7

Nå er dette et norsk forum, men for å sikre at alle får være med - også de som ikke snakker norsk - kort forklart - hvis klienter på en svitsj i samme vlan ikke skal kunne se hverandre er dette en måte å gjøre det på. De vil alle se ikke-isolert porter i samme nett.  Se under tasks.

 

Hi guys, 

 

just wanted to share the simplest little configuration trick for Comware 7 switches, how to isolate clients on the same VLAN from each other - based on port-isolation. This should work well and devices on the same vlan connected to ports where port-isolation is configured for the same group should NOT see each other.

 

Keep in mind that you would want to ensure that proxy arp is disabled on the default gateway just to double up - but this feature should ensure that no device with a mac address present on any isolated interface will talk to any other on another isolated interface.  

 

This means that is isolation is device-specific and will work well for a single switch or an IRF stack. There are other features to accomplish much of the same over multiple switches  but this is called private-VLAN and is somewhat more complex to configure - as this feature port-isolation just does not require any vlan settings.

 

Tasks : 

 

Task 1. Configure port-isolation group globally in system view 

 

sys

port-isolate group 1

 

Task 2. Enable port isolation on all ports that should be isolated - the uplink should not be isolated. 

 

interface gig1/0/1 

   description *Assuming this to be the uplink interface that should be able to communicate with all *

 

interface range gig1/0/2 to gig 1/0/24

 port-isolate enable group 1

 

-----

 

Enjoy   

 

 

 

 

Occasional Contributor II
Posts: 12
Registered: ‎08-31-2016

Re: Port isolation for Comware 7

Hello!!

 

I need isolete ports in order to block comunication between server. I just apply the configuration that you explain but it doesnt work!!!

 I am trying firts in HC3 lab before going to real network!!

 

cloud you have any idea??

 

best regards!!

Search Airheads
Showing results for 
Search instead for 
Did you mean: