Why are IP and DHCP packets isolated when only Layer 2 isolation is configured on the switch


The Layer 2 isolation function isolates packets that are forwarded based on the MAC address table, while the Layer 3 isolation function isolates packets that are forwarded based on the routing table.

When the switch forwards IP and DHCP packets transparently based on the MAC address table rather than the routing table, Layer 2 isolation takes effect on those packets.
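The distinction above, as an added Python model that is not Huawei code or switch configuration: the isolation decision depends on which table forwards the packet, not on the payload type. The port names, VLAN IDs, the mode labels `l2` and `l2+l3`, and the rule that same-VLAN traffic is bridged while inter-VLAN traffic is routed are assumptions of this simplified model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    name: str
    vlan: int
    isolated: bool  # True if the port is a member of the isolation group


@dataclass(frozen=True)
class Packet:
    payload: str  # "IP", "DHCP", ... never consulted by the isolation check
    src: Port
    dst: Port


def lookup_table(pkt: Packet) -> str:
    """Model assumption: same VLAN is bridged (MAC table), otherwise routed."""
    return "mac" if pkt.src.vlan == pkt.dst.vlan else "routing"


def is_isolated(pkt: Packet, mode: str = "l2") -> bool:
    """'l2' blocks only MAC-table forwarding; 'l2+l3' also blocks routed traffic."""
    if mode not in ("l2", "l2+l3"):  # hypothetical mode labels for this model
        raise ValueError(f"unknown isolation mode: {mode}")
    if not (pkt.src.isolated and pkt.dst.isolated):
        return False  # isolation applies only between members of the group
    return lookup_table(pkt) == "mac" or mode == "l2+l3"


# Constructed sample topology and traffic (not taken from a real device).
HOST_A = Port("port1", vlan=10, isolated=True)
HOST_B = Port("port2", vlan=10, isolated=True)
HOST_C = Port("port3", vlan=20, isolated=True)
UPLINK = Port("port24", vlan=10, isolated=False)  # e.g. DHCP server side

SAMPLES = [
    Packet("DHCP", HOST_A, HOST_B),  # bridged between two isolated ports
    Packet("IP", HOST_A, HOST_B),    # bridged between two isolated ports
    Packet("IP", HOST_A, HOST_C),    # routed between VLAN 10 and VLAN 20
    Packet("DHCP", HOST_A, UPLINK),  # bridged to a port outside the group
]


def evaluate(mode: str):
    """Return (payload, src, dst, table, isolated) for each sample packet."""
    return [(p.payload, p.src.name, p.dst.name, lookup_table(p),
             is_isolated(p, mode)) for p in SAMPLES]


if __name__ == "__main__":
    for mode in ("l2", "l2+l3"):
        for row in evaluate(mode):
            print(mode, row)
```

In this model a DHCP server reachable through a port outside the isolation group stays reachable in both modes, while one attached to another isolated port in the same VLAN does not.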

Whether isolation can be implemented when the firewall works in Layer 2 mode
Isolation can be implemented only when the firewall works in Layer 3 mode; it cannot be implemented in Layer 2 mode.

Configure port isolation on the S1728GWR-4P switch
Configure port isolation on an S1728GWR-4P switch as follows:
1. Choose Security > Port Isolation.
2. Set Interface to Port or Trunk.
3. Enable or disable port isolation on a specified interface or trunk.
4. Click Apply to complete the configuration.

Why is port isolation needed
To save VLAN resources, enable port isolation to isolate interfaces in a VLAN. That is, you can add interfaces to a port isolation group to implement Layer 2 or Layer 3 isolation between these interfaces. Port isolation provides secure and flexible networking schemes for customers.

Configure ACLs on S series switches to restrict communications between VLANs
For details about the configuration on S series switches (except S1700 switches), click Typical Configuration Examples and choose Typical Security Configuration > Typical ACL Configuration > Example for Using ACLs to Restrict Mutual Access Between Network Segments.

