How to use port isolation to prevent users in the same VLAN from communicating with each other

Port isolation can isolate interfaces in the same VLAN. You can add interfaces to a port isolation group to prevent these interfaces from sending data packets to each other.

For example, GE0/0/1 and GE0/0/2 belong to VLAN10. You can configure port isolation to prevent users connected to GE0/0/1 and GE0/0/2 respectively from sending data packets to each other.
system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 10
[HUAWEI-GigabitEthernet0/0/1] port-isolate enable
[HUAWEI-GigabitEthernet0/0/1] quit
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] port link-type access
[HUAWEI-GigabitEthernet0/0/2] port default vlan 10
[HUAWEI-GigabitEthernet0/0/2] port-isolate enable
[HUAWEI-GigabitEthernet0/0/2] quit

Scroll to top