1-11 Port Isolation ConfigurationWhen configuring port isolation, go to these sections for information you are interested in:z Introduction to Port Isolationz Configuring the Isolation Groupz Displaying and Maintaining Isolation Groupsz Port Isolation Configuration ExampleIntroduction to Port IsolationUsually, Layer 2 traffic isolation is achieved by assigning ports to different VLANs. To save VLANresources, port isolation is introduced to isolate ports within a VLAN, allowing for great flexibility andsecurity.Currently:z 3Com Switch 4500G family support only one isolation group that is created automatically by thesystem as isolation group 1. You can neither remove the isolation group nor create other isolationgroups on such devices.z There is no restriction on the number of ports assigned to an isolation group.z Layer 2 traffic can be exchanged between a port inside an isolation group and a port outside theisolation group, but not between ports inside the isolation group.Configuring the Isolation GroupAssigning a Port to the Isolation GroupFollow these steps to add a port to the isolation group:To do… Use the command… RemarksEnter system view system-view —Enter Ethernetinterface viewinterface interface-typeinterface-numberEnter Layer-2aggregateinterface viewinterfacebridge-aggregationinterface-numberEnterinterfaceview or,port groupview Enter portgroup viewport-group manualport-group-nameRequiredUse one of the commands.z In Ethernet interface view, thesubsequent configurations apply tothe current port.z In Layer-2 aggregate interface view,the subsequent configurations applyto the Layer-2 aggregate interfaceand all its member ports.z In port group view, the subsequentconfigurations apply to all ports in theport group.Assign the port or ports to theisolation group as an isolatedport or portsport-isolate enableRequiredNo ports are added to the isolation groupby default.