This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Port isolation

Port isolation

Go to solution
jamesrdelaney
New Contributor

‎02-23-2021 04:23 PM

I would like to isolate some of my clients from other clients in the same VLAN.

 

I need each isolated client to be able to:

  • Receive DHCP from DHCP server
  • Access the internet

But I need each isolated client not to be able to talk in any way to the other isolated clients

 

I would also like to be able to ping the isolated clients from my laptop on a port that is not isolated for monitoring

 

I have tried to simulate this using eg:

configure ports 33 isolation on

configure ports 34 isolation on

 

When I plug two laptops into 33 and 34 and run wireshark on the laptop on port 34 I can see some broadcast messages from coming from the laptop in port 33 

 

Am I missing something - is my design OK?

Or do I need to restart the switch or something after issueing the command?

 

Switch type: X440G2-48td-10G

Version: 21.1.4

 

Thanks for any help!

James

 

 

 

 

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
FredrikB
Contributor II

‎03-01-2021 04:38 PM

If you use port isolation in two switches and connect them via a distribution switch, the clients on one switch will still see the clients on the other one unless the dist also uses isolation. If you cascade the switches (no dist between them), you can isolate the downlink to the “downstream” switch in the “upstream” switch, but it will not work if you use EAPS or RSTP for redundancy.

If you still see broadcasts between two isolated ports, this feature may not be very good. I’d recommend upgrading to a recent EXOS before experimenting further. Right now, EXOS 30.7.1.1-patch1-54 is recommended for X440-G2 and EXOS 31.2.1.1  is the “Recommended Latest Feature Release”. I’d go for 31.2.

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
FredrikB
Contributor II

‎03-01-2021 04:38 PM

If you use port isolation in two switches and connect them via a distribution switch, the clients on one switch will still see the clients on the other one unless the dist also uses isolation. If you cascade the switches (no dist between them), you can isolate the downlink to the “downstream” switch in the “upstream” switch, but it will not work if you use EAPS or RSTP for redundancy.

If you still see broadcasts between two isolated ports, this feature may not be very good. I’d recommend upgrading to a recent EXOS before experimenting further. Right now, EXOS 30.7.1.1-patch1-54 is recommended for X440-G2 and EXOS 31.2.1.1  is the “Recommended Latest Feature Release”. I’d go for 31.2.

0 Kudos

Go to solution
jamesrdelaney
New Contributor

‎02-24-2021 03:42 PM

Hi Stefan

So port isolation only works on a single switch?

Thanks

James

 

0 Kudos

Go to solution
Stefan_K_
Valued Contributor

‎02-23-2021 04:31 PM

Can’t help you with your problem but if this vlan spans across several different switches, then port isolation is not the way to go anyways… Private VLAN would be the best solution here or ACLs.

0 Kudos
GTM-P2G8KFN