In this article I will give an example of configuring Switchport Protected on Allied Telesis switches, for the test I will take an AT-8000S/24 switch.
Continue reading “Configuring Switchport Protected on Allied Telesis”Tag Archives: Port Isolation
Configuring Traffic Segmentation on D-Link Switches
I will give an example of setting up Traffic Segmentation on D-Link switches.
Traffic Segmentation prohibits ports to communicate with each other directly, on other manufacturers’ switches, this function is called Protected Ports, Port Isolation, etc.
Before configuring Traffic Segmentation, you need to know exactly which of the Uplink ports, let’s say on the switch DES-3200-18 C1, port 17 is incoming (uplink), then we execute the following two commands:
Continue reading “Configuring Traffic Segmentation on D-Link Switches”
Configuring Protected Ports on Cisco
On the test, I will configure the Cisco Catalyst WS-C3750-48TS-S.
And so, all ports are configured as access, except for the first Gigabit uplink port, it is configured as a trunk and the Internet on the client vlan with the tag comes to it.
We need all the ports on this switch to not see each other and see only the first gigabit ulink port.
To do this, connect to the switch and go into the configuration mode:
enable configure terminal
Then, we issue the switchport protected command for all access ports:
interface range fastEthernet 1/0/1-48 switchport protected interface range gigabitEthernet 1/0/2-4 switchport protected exit exit
Save the configuration:
write
Apparently interface gigabitEthernet 1/0/1 we did not touch.
Now the ports on which the switchport protected command is registered do not see the other ports on which this command is also registered, they see only the ports where it is not registered, that is, in our case the first gigabit ulink port, and it sees all the ports with the command and without.
Information about ports can be viewed by the command:
show interfaces NAME switchport
View full configuration:
show running-config
See also:
Port isolation on Huawei switches
Port isolation on the ZyXEL MES-3528 switch
Port isolation on the ZyXEL MES-3528 switch
On the test, I isolate the ports from each other, allowing traffic to go only to uplink (the port from which the Internet comes), I have it 25.
Let’s connect to the switch and see the current configuration:
show running-config
Now go into the configuration mode:
configure
Isolate the necessary ports, except the uplink port:
interface port-channel 1-24,26-28 vlan1q port-isolation exit exit
Save the configuration:
write memory
The ports on which the vlan1q port-isolation command is written do not see other ports with the same command, but see the ports without it and the switch CPU. Ports without the command vlan1q port-isolation see the ports with it and without it.
See also:
Port isolation on Huawei switches
Configuring Protected Ports on Cisco
Port isolation on Huawei switches
On the test I’ll take the Huawei Quidway S2326TP-EI and Huawei Quidway S3928P-EI switches, in which the uplink Gigabit Ethernet port 0/0/1 (the Internet comes to it), all other ports are in the same VLAN and you need to prevent them from seeing each other. To do this, execute the port-isolate enable command for each interface (port), except uplink GigabitEthernet 0/0/1.
We connect to the switch through the console or telnet and switch to the mode of elevated privileges:
system-view
We execute the command for interfaces:
interface Ethernet 0/0/1 port-isolate enable interface Ethernet 0/0/2 port-isolate enable interface Ethernet 0/0/3 port-isolate enable etc. interface Ethernet 0/0/24 port-isolate enable quit interface GigabitEthernet 0/0/2 port-isolate enable
For Huawei Quidway S3928P-EI there will be other commands:
interface Ethernet1/0/1 port isolate interface Ethernet1/0/2 port isolate ... interface GigabitEthernet 1/1/2 port isolate interface GigabitEthernet 1/1/3 port isolate interface GigabitEthernet 1/1/4 port isolate
Leave the interface setup mode:
quit
Let’s leave the regime of elevated privileges:
quit
Save the configuration:
save
Now the ports on which the port-isolate enable command is written do not see the other ports on which this command is also registered, they see only the ports where it is not registered, that is, in our case uplink port GigabitEthernet 0/0/1, and it, as on It does not have this command, it sees all the ports with the command and without.
See also:
Configuring the Huawei Quidway Switch S2326TP-EI
Configuring Port isolation on Cisco
Port isolation on the ZyXEL switch
Port isolation on Foxgate switches
For the test, I will configure on the Foxgate S6224-S4, S6224-S2, S6208, and so on.
Connect to the switch through the console or telnet and switch to the configuration mode:
enable config
Let’s create a group of isolated ports and add ports to it that do not need to see each other (in my case, clients are from 1 to 24):
isolate-port group users isolate-port group users switchport interface ethernet 1/1-24
The command is the same on all Foxgate switches, but port numbers may differ, for example on S6224-S2 I configured it like this:
isolate-port group users isolate-port group users switchport interface ethernet 0/0/1-24
After adding the ports to the group they will not see each other, but they will see the ports that are not in the group, I have the 25 port is the uplink on which the Internet comes, because it is not in the group, it sees all the ports, and the ports that the groups see him.
Let’s see the list of ports in the users group:
show isolate-port group users
Leave the configuration mode and save the settings:
exit write