1-11 Port Isolation ConfigurationWhen configuring port isolation, go to these sections for information you are interested in:z Introduction to Port Isolationz Configuring the Isolation Group for a Single-Isolation-Group Devicez Displaying and Maintaining Isolation Groupsz Port Isolation Configuration ExampleIntroduction to Port IsolationUsually, Layer 2 traffic isolation is achieved by assigning ports to different VLANs. To save VLANresources, port isolation is introduced to isolate ports within a VLAN, allowing for great flexibility andsecurity.Currently:z S5120-EI series Ethernet switches support only one isolation group that is created automatically bythe system as isolation group 1. These devices are referred to as single-isolation-group devices.You can neither remove the isolation group nor create other isolation groups on such devices.z There is no restriction on the number of ports assigned to an isolation group.Configuring the Isolation Group for a Single-Isolation-Group DeviceAssigning a Port to the Isolation GroupFollow these steps to add a port to the isolation group:To do… Use the command… RemarksEnter system view system-view —Enter Ethernetinterface viewinterface interface-typeinterface-numberEnter Layer-2aggregateinterface viewinterfacebridge-aggregationinterface-numberEnterinterfaceview or,port groupview Enter portgroup viewport-group manualport-group-nameRequiredUse one of the commands.z In Ethernet interface view, thesubsequent configurations apply tothe current port.z In Layer-2 aggregate interface view,the subsequent configurations applyto the Layer-2 aggregate interfaceand all its member ports.z In port group view, the subsequentconfigurations apply to all ports in theport group.Assign the port or ports to theisolation group as an isolatedport or portsport-isolate enableRequiredNo ports are added to the isolation groupby default.