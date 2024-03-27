On This Page
Interface Isolation
Interface isolation provides the ability to group interfaces in sets where traffic from each port is isolated from other interfaces in the group. The isolated interfaces in the group, however, are able to communicate with the interface marked as privileged.
Create the VLANs to be used.
switch(config) # vlan
2-
5
switch(config vlan
2-
5) # exit
Unlock isolation interface protocol.
switch(config) # protocol isolation-group
Create isolation Group A.
switch(config) # isolation-group GroupA
Assign VLANs 2 and 3 to isolation Group A.
switch(config isolation-group GroupA) # vlan
2-
3
switch(config isolation-group GroupA) # exit
Create isolation Group B.
switch(config) # isolation-group GroupB
Assign VLANs 4 and 5 to isolation Group B.
switch(config isolation-group GroupB) # vlan
4-
5
switch(config isolation-group GroupB) # exit
Set Ethernet interfaces 1-3 to access for VLAN 3.
switch(config) #
interfaceethernet
1/
1switchport access vlan
3
switch(config) #
interfaceethernet
1/
2switchport access vlan
3
switch(config) #
interfaceethernet
1/
3switchport access vlan
3
Isolate Ethernet interfaces 1 and 2 and set Ethernet interfaces 3 as privileged.
switch(config) #
interfaceethernet
1/
1-
1/
2isolation-group GroupA mode isolated
switch(config) #
interfaceethernet
1/
3isolation-group GroupA mode privileged
Enable isolation Group A.
(config) # isolation-group GroupA no shutdown
Set Ethernet interfaces 4-6 to trunk.
switch(config) #
interfaceethernet
1/
4switchport mode trunk
switch(config) #
interfaceethernet
1/
5switchport mode trunk
switch(config) #
interfaceethernet
1/
6switchport mode trunk
Isolate Ethernet interfaces 4 and 5 and set Ethernet interfaces 6 as privileged.
switch(config) #
interfaceethernet
1/
4-
1/
5isolation-group GroupA mode isolated
switch(config) #
interfaceethernet
1/
6isolation-group GroupA mode privileged
Enable isolation Group B.
switch(config) # isolation-group GroupB no shutdown
Verify configuration.
switch(config) # show isolation-group Isolation group: GroupA State: Enabled VLANs:
2,
3Privileged port: Eth1/
3Isolated ports: Eth1/
1, Eth1/
2Isolation group: GroupB State: Enabled VLANs:
4,
5Privileged port: Eth1/
6Isolated ports: Eth1/
4, Eth1/
5
protocol isolation-group
|
protocol isolation-group
no protocol isolation-group
Enables interface isolation and unlocks further isolation-group commands.
The no form of the command disables interface isolation and locks other isolation-group commands.
|
Syntax Description
|
N/A
|
Default
|
Disabled
|
Configuration Mode
|
config
|
History
|
3.6.1002
|
Example
|
switch (config) # protocol isolation-group
|
Related Commands
|
show isolation-group
|
Notes
|
isolation-group
|
isolation-group <name>
no isolation-group <name>
Creates isolation group.
The no form of the command deletes isolation group.
|
Syntax Description
|
N/A
|
Default
|
N/A
|
Configuration Mode
|
config
|
History
|
3.6.1002
|
Example
|
switch (config) # isolation-group mygroup
|
Related Commands
|
protocol isolation-group
show isolation-group
|
Notes
|
shutdown
|
shutdown
no shutdown
Disables isolation group.
The no form of the command enables isolation group.
|
Syntax Description
|
N/A
|
Default
|
Disabled
|
Configuration Mode
|
config isolation group
|
History
|
3.6.1002
|
Example
|
switch (config isolation-group mygroup) # no shutdown
|
Related Commands
|
protocol isolation-group
isolation-group
show isolation-group
|
Notes
|
Enabling isolation groups fails if there are VLANs with ports both inside and outside the group
vlan
|
vlan <vid>
no vlan <vid>
Adds a VLAN to isolation group.
The no form of the command removes a VLAN from an isolation group.
|
Syntax Description
|
N/A
|
Default
|
N/A
|
Configuration Mode
|
config isolation group
|
History
|
3.6.1002
|
Example
|
switch (config isolation-group mygroup) # vlan 10
|
Related Commands
|
protocol isolation-group
isolation-group
show isolation-group
|
Notes
|
isolation-group mode
|
isolation-group <name> mode {isolated | privileged}
no isolation-group <name> mode {isolated | privileged}
Adds a VLAN to isolation group.
The no form of the command removes a VLAN from an isolation group.
|
Syntax Description
|
name
|
The isolation group name
|
isolated
|
Configures this interface as isolated
|
privileged
|
Configures this interface as privileged
|
Default
|
N/A
|
Configuration Mode
|
config interface ethernet
config interface port-channel
|
History
|
3.6.1002
|
Example
|
switch (config interface ethernet 1/2) # isolation-group mygroup mode privileged
|
Related Commands
|
protocol isolation-group
isolation-group
show isolation-group
|
Notes
show isolation-group
|
show isolation-group <name>
Displays isolation group information.
|
Syntax Description
|
N/A
|
Default
|
N/A
|
Configuration Mode
|
Any command mode
|
History
|
3.6.1002
|
3.6.5000
|
Updated Example
|
Example
|
switch (config) # show isolation-group mygroup
|
Related Commands
|
Notes