Port isolation for Comware 7
12-23-2015 04:28 AM
Nå er dette et norsk forum, men for å sikre at alle får være med - også de som ikke snakker norsk - kort forklart - hvis klienter på en svitsj i samme vlan ikke skal kunne se hverandre er dette en måte å gjøre det på. De vil alle se ikke-isolert porter i samme nett. Se under tasks.
just wanted to share the simplest little configuration trick for Comware 7 switches, how to isolate clients on the same VLAN from each other - based on port-isolation. This should work well and devices on the same vlan connected to ports where port-isolation is configured for the same group should NOT see each other.
Keep in mind that you would want to ensure that proxy arp is disabled on the default gateway just to double up - but this feature should ensure that no device with a mac address present on any isolated interface will talk to any other on another isolated interface.
This means that is isolation is device-specific and will work well for a single switch or an IRF stack. There are other features to accomplish much of the same over multiple switches but this is called private-VLAN and is somewhat more complex to configure - as this feature port-isolation just does not require any vlan settings.
Task 1. Configure port-isolation group globally in system view
port-isolate group 1
Task 2. Enable port isolation on all ports that should be isolated - the uplink should not be isolated.
description *Assuming this to be the uplink interface that should be able to communicate with all *
interface range gig1/0/2 to gig 1/0/24
port-isolate enable group 1
Re: Port isolation for Comware 7
10-01-2016 05:56 AM
I need isolete ports in order to block comunication between server. I just apply the configuration that you explain but it doesnt work!!!
I am trying firts in HC3 lab before going to real network!!
cloud you have any idea??