端口隔离可以实现二层数据隔离,某种情况下会需要。如防arp攻击。H3C的端口隔离非常简单:
[SW]port-isolate group 1 #创建隔离组1
[SW]interface range GigabitEthernet 1/0/5 to GigabitEthernet 1/0/6
[SW-if-range]port-isolate enable group 1 #将两个加入隔离组,两个端口互相隔离,与其他端口通信正常
[SW-if-range]quit
查看端口隔离信息:
[SW]display port-isolate group 1
Port isolation group information:
Group ID: 1
Group members:
GigabitEthernet1/0/5 GigabitEthernet1/0/6
![H3C静态路由汇总[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)