Configuring Port Isolation

To configure Port Isolation, use the following steps:

1. Configure the isolated ports. In this example, ports 1 and 2:

CLI network-admin@Leaf1 > port-config-modify port 1,2 no-local-switching

2. Optionally, configure the port link state association. A port association is required to match the link state of downlink isolated ports with the one of uplink ports. When all uplink ports are down, downlink isolated ports are administratively disabled until one of the uplinks becomes operational again. In this example, the port association name is PA, uplink (master), ports value is 64, and isolated downlink (slave) ports value are 1, 2.

CLI network-admin@Leaf1 > port-association-create-name PA master-ports 64 slave-ports 1,2 policy any-master

3. Optionally, disable ARP and ND optimization.

CLI network-admin@Leaf1 > system-settings-modify no-optimize-arps

CLI network-admin@Leaf1 > system-settings-modify no-optimize-nd

This feature uses the command no-local-switching for the port-config-modify command. To configure one or more isolated ports:

CLI network-admin@Leaf1 > port-config-modify port port-list no-local-switchingg

To view ports that are impacted by the no-local-switching command, use the port-egress-show command:

switch port      egress  rx-only             active-active-vlags  loopback

------ --------- ------- ------------------- -------------------- -------- 

1      0-72      none    none                none                 none

2      0-72      none    none                none                 none

3      0-72      none    none                none                 none

4      0-72      none    none                none                 none

5      0-4,11-72 none    none                none                 none

6      0-4,11-72 none    none                none                 none

7      0-4,11-72 none    none                none                 none

8      0-4,11-72 none    none                none                 none

mir_prevent_out          no-local-switching-out

------------------------ ----------------------

none                     none

none                     none

none                     none

none                     none

none                     5-10

none                     5-10

none                     5-10

none                     5-10

 

The following Port Isolation options for the trunk-create, trunk-modify, and trunk-show commands are as follows:

CLI network-admin@Leaf1 > trunk-create

trunk-create

Create a trunk configuration for link aggregation

one or more of the following options:

local-switching|no-local-switching

Specify no-local-switching if you do not want the port to bridge traffic to another no-local-switching port.

CLI network-admin@Leaf1 > trunk-modify

trunk-modify

Modify a trunk configuration for link aggregation

one or more of the following options:

reflect|noreflect

Specify if physical port reflection is enabled or not.

CLI network-admin@Leaf1 > trunk-show

trunk-show

Display trunk configuration

one or more of the following options:

reflect|noreflect

Displays if physical port reflection is enabled or not.