Precautions for configuring port isolation on S series switches


Precautions for configuring port isolation on S series switches (except the S1700) are as follows:
1. Port isolation takes effect only for interfaces on the same switch, and cannot take effect for interfaces on different switches.
2. Interfaces in a port isolation group are isolated from each other, but interfaces in different port isolation groups can communicate. If the group-id parameter is not specified, interfaces are added to port isolation group 1 by default.
3. For S series switches, the default port isolation mode is Layer 2 isolation and Layer 3 interworking. To configure Layer 2 and Layer 3 isolation, run the port-isolate mode all command in the system view.
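
The three precautions above can be checked against a saved configuration. The following is an added example, not Huawei code or part of the original page: it assumes interfaces join a group with the interface-view command `port-isolate enable [ group group-id ]`, and the two switch configurations, switch names and interface names are constructed sample input.

```python
import re
from itertools import combinations

# Constructed sample configurations (not taken from the page).
SWITCHES = {
    "sw1": """
interface GigabitEthernet0/0/1
 port-isolate enable
interface GigabitEthernet0/0/2
 port-isolate enable group 1
interface GigabitEthernet0/0/3
 port-isolate enable group 2
interface GigabitEthernet0/0/4
""",
    "sw2": """
port-isolate mode all
interface GigabitEthernet0/0/1
 port-isolate enable group 1
interface GigabitEthernet0/0/2
 port-isolate enable group 1
""",
}

def parse(config):
    """Return (mode, {interface: group or None}) for one switch."""
    mode, groups, current = "l2", {}, None  # default: L2 isolation, L3 interworking
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"port-isolate enable(?: group (\d+))?", line)
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            groups[current] = None
        elif line == "port-isolate mode all":
            mode = "all"
        elif m and current:
            groups[current] = int(m.group(1) or 1)  # no group-id means group 1
    return mode, groups

def isolation(a, b, switches=SWITCHES):
    """a, b are (switch, interface) tuples. Returns 'none', 'l2' or 'l2+l3'."""
    if a[0] != b[0]:
        return "none"  # precaution 1: no effect across switches
    mode, groups = parse(switches[a[0]])
    ga, gb = groups.get(a[1]), groups.get(b[1])
    if ga is None or ga != gb:
        return "none"  # precaution 2: only same-group members are isolated
    return "l2+l3" if mode == "all" else "l2"  # precaution 3

def open_pairs(switch, switches=SWITCHES):
    """Interface pairs on one switch that port isolation does not separate."""
    _, groups = parse(switches[switch])
    return [(x, y) for x, y in combinations(groups, 2)
            if isolation((switch, x), (switch, y), switches) == "none"]
```

A result of `none` only means port isolation does not separate the pair; VLAN assignment or an ACL may still do so.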

Other related questions:
Configure port isolation on the S1728GWR-4P switch
Configure port isolation on an S1728GWR-4P switch as follows:
1. Choose Security > Port Isolation.
2. Set Interface to Port or Trunk.
3. Enable or disable port isolation on a specified interface or trunk.
4. Click Apply to complete the configuration.

Difference between port isolation and ACLs on S series switches
For S series switches (except S1700 switches):

The port isolation function isolates interfaces in a VLAN, providing secure and flexible networking solutions. To implement Layer 2 isolation between interfaces, you can add each interface to a different VLAN. This method, however, wastes VLAN resources. Port isolation can isolate interfaces in the same VLAN, and a port isolation group can effectively implement Layer 2 isolation between these interfaces.

An ACL is a packet filter that filters packets based on rules. A switch with an ACL configured matches packets against the rules to identify packets of a certain type, and then forwards or discards these packets according to the policies used by the service module to which the ACL is applied. For example, after an ACL is applied to a traffic policy or simplified traffic policy, access rights of the users on different network segments are restricted, preventing security risks caused by uncontrolled mutual access between different network segments.

Precautions for the configuration of multicast BFD sessions on S series switches
For S series switches, the packets sent by multicast BFD are untagged. When a BFD interface receives a tagged BFD packet, the BFD module checks whether the VLAN ID of the BFD packet is the same as the default VLAN ID on the interface. If not, the BFD module discards the packet. To configure multicast BFD on an interface, run the port default vlan command to specify the default VLAN of the interface.
