Interface Isolation
Interface isolation provides the ability to group interfaces in sets where traffic from each port is isolated from other interfaces in the group. The isolated interfaces in the group, however, are able to communicate with the interface marked as privileged.
Create the VLANs to be used.
switch
(config) # vlan2
-5
switch
(config vlan2
-5
) # exitUnlock isolation interface protocol.
switch
(config) # protocol isolation-groupCreate isolation Group A.
switch
(config) # isolation-group GroupAAssign VLANs 2 and 3 to isolation Group A.
switch
(config isolation-group GroupA) # vlan2
-3
switch
(config isolation-group GroupA) # exitCreate isolation Group B.
switch
(config) # isolation-group GroupBAssign VLANs 4 and 5 to isolation Group B.
switch
(config isolation-group GroupB) # vlan4
-5
switch
(config isolation-group GroupB) # exitSet Ethernet interfaces 1-3 to access for VLAN 3.
switch
(config) #interface
ethernet1
/1
switchport access vlan3
switch
(config) #interface
ethernet1
/2
switchport access vlan3
switch
(config) #interface
ethernet1
/3
switchport access vlan3
Isolate Ethernet interfaces 1 and 2 and set Ethernet interfaces 3 as privileged.
switch
(config) #interface
ethernet1
/1
-1
/2
isolation-group GroupA mode isolatedswitch
(config) #interface
ethernet1
/3
isolation-group GroupA mode privilegedEnable isolation Group A.
(config) # isolation-group GroupA no shutdown
Set Ethernet interfaces 4-6 to trunk.
switch
(config) #interface
ethernet1
/4
switchport mode trunkswitch
(config) #interface
ethernet1
/5
switchport mode trunkswitch
(config) #interface
ethernet1
/6
switchport mode trunkIsolate Ethernet interfaces 4 and 5 and set Ethernet interfaces 6 as privileged.
switch
(config) #interface
ethernet1
/4
-1
/5
isolation-group GroupA mode isolatedswitch
(config) #interface
ethernet1
/6
isolation-group GroupA mode privilegedEnable isolation Group B.
switch
(config) # isolation-group GroupB no shutdownVerify configuration.
switch
(config) # show isolation-group Isolation group: GroupA State: Enabled VLANs:2
,3
Privileged port: Eth1/3
Isolated ports: Eth1/1
, Eth1/2
Isolation group: GroupB State: Enabled VLANs:4
,5
Privileged port: Eth1/6
Isolated ports: Eth1/4
, Eth1/5
protocol isolation-group
protocol isolation-group Enables interface isolation and unlocks further isolation-group commands. | ||
Syntax Description | N/A | |
Default | Disabled | |
Configuration Mode | config | |
History | 3.6.1002 | |
Example | switch (config) # protocol isolation-group | |
Related Commands | show isolation-group | |
Notes |
|
isolation-group
isolation-group <name> Creates isolation group. | ||
Syntax Description | N/A | |
Default | N/A | |
Configuration Mode | config | |
History | 3.6.1002 | |
Example | switch (config) # isolation-group mygroup | |
Related Commands | protocol isolation-group | |
Notes |
|
shutdown
shutdown Disables isolation group. | ||
Syntax Description | N/A | |
Default | Disabled | |
Configuration Mode | config isolation group | |
History | 3.6.1002 | |
Example | switch (config isolation-group mygroup) # no shutdown | |
Related Commands | protocol isolation-group | |
Notes | Enabling isolation groups fails if there are VLANs with ports both inside and outside the group |
vlan
vlan <vid> Adds a VLAN to isolation group. | ||
Syntax Description | N/A | |
Default | N/A | |
Configuration Mode | config isolation group | |
History | 3.6.1002 | |
Example | switch (config isolation-group mygroup) # vlan 10 | |
Related Commands | protocol isolation-group | |
Notes |
|
isolation-group mode
isolation-group <name> mode {isolated | privileged} Adds a VLAN to isolation group. | ||
Syntax Description | name | The isolation group name |
isolated | Configures this interface as isolated | |
privileged | Configures this interface as privileged | |
Default | N/A | |
Configuration Mode | config interface ethernet | |
History | 3.6.1002 | |
Example | switch (config interface ethernet 1/2) # isolation-group mygroup mode privileged | |
Related Commands | protocol isolation-group | |
Notes |
show isolation-group
show isolation-group <name> Displays isolation group information. | ||
Syntax Description | N/A | |
Default | N/A | |
Configuration Mode | Any command mode | |
History | 3.6.1002 | |
3.6.5000 | Updated Example | |
Example | switch (config) # show isolation-group mygroup | |
Related Commands | ||
Notes |