Hello David,
It is a some kind of a different approach but I think you can achieve the same thing. The configuration logic is different and I think also a bit more complicated.
You need to go to every single port that should be isolated and manually add a portfilter. The portfilter specifies to which ports a frame entering at the isolated port cannot be forwarded.
So this means you need to have a portfilter with different port IDs for every port and you cannot apply the same config to all the ports with a single command.
Here is how you block access from port 1/1/1 to all ports from 1/1/2 to 1/1/24. Ports above 1/1/24 which can be for example uplinks, like 1/1/25, 1/1/26 etc are not in this list and traffic will be forwarded out of this ports.
switch(config)# interface 1/1/1
switch(config-if)# portfilter 1/1/2-1/1/24
For port 1/1/2 you need to adapt the portfilter list.
switch(config)# interface 1/1/2
switch(config-if)# portfilter 1/1/1,1/1/3-1/1/24
For port 1/1/3 it should look like this .
switch(config)# interface 1/1/3
switch(config-if)# portfilter 1/1/1-1/1/2,1/1/4-1/1/24
For port 1/1/4 etc
switch(config)# interface 1/1/4
switch(config-if)# portfilter 1/1/1-1/1/3,1/1/5-1/1/24
Another difference is that this applies at the port level and to all VLANs. It cannot be configured per VLAN.
SO this is how it should work for my understanding but I didn't have to chance to test this yet.
Usually you should use Private VLAN for such type of intra VLAN micro isolation in CX but PVLAN is not supported by Aruba 6000.
------------------------------
Emil Gogushev
------------------------------
Original Message:
Sent: Jan 07, 2022 06:27 AM
From: David Soleiman
Subject: How to do Port Isolation in Aruba CX 6000 switch?
Hi Emil,
Thank you for the suggestion.
But do you think the "portfilter" can achieve the same goal of "port isolation", to isolated each ports in CX 6000 series to "see" each other except for the uplink port?
------------------------------
David Soleiman
Original Message:
Sent: Jan 07, 2022 03:18 AM
From: Emil Gogushev
Subject: How to do Port Isolation in Aruba CX 6000 switch?
Hello,
I think the only option on this platform is portfilter. Please have a look at Chapter 11 Port Filtering, page 150
https://www.arubanetworks.com/techdocs/AOS-CX/10.09/PDF/fundamentals_4100i-6000-6100.pdf
------------------------------
Emil Gogushev
Original Message:
Sent: Jan 06, 2022 12:47 AM
From: David Soleiman
Subject: How to do Port Isolation in Aruba CX 6000 switch?
Hi All,
My customer need to know how to enable "port isolation" in Aruba CX 6000 switch.
They are a service provider that providing internet connection in a highrise residential. Each room will be provided one ethernet port connected to CX 6000 switches in every floor. Each user that using the ethernet port must not be able to see other user in different ethernet port. They can only see the uplink.
I believe in Aruba OS switch series we can use "isolation-list", but how to do this in CX switch?
Best Regards,
David
------------------------------
David Soleiman
------------------------------