Example Use-Case Configuration

In a typical scenario, as shown in Figure 4, ports 1, 2, and 3 are configured as isolated ports so that the hosts attached to these ports cannot communicate with each other directly, but only through the upstream firewall or router that is connected to port 64.

Figure 4: Port Isolation scenario


As shown in Figure 4, create the configuration as follows:

PN-HA1

CLI network-admin@Leaf1 > port-config-modify port 1 no-local-switching

CLI network-admin@Leaf1 > port-config-modify port 2 no-local-switching

PN-HA2

CLI network-admin@Leaf1 > port-config-modify port 2 no-local-switching

CLI network-admin@Leaf1 > port-config-modify port 3 no-local-switching

Typically, the upstream router or firewall is configured to perform local proxy ARPs and/or NDP proxy and respond to all ARP requests and/or Neighbor Solicitations coming from isolated hosts. To avoid interfering with local proxy ARPs and NDP proxy, disable ARP and ND Optimization as follows:

CLI network-admin@Leaf1 > system-settings-modify no-optimize-arps

CLI network-admin@Leaf1 > system-settings-modify no-optimize-nd
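
The following is an added example, not vendor code and not part of the original page: a simplified single-switch Python model of the Figure 4 scenario, showing why isolated hosts depend on the upstream device's proxy ARP. It assumes that a frame entering an isolated port is never sent out another isolated port; the class name, function names and MAC addresses are constructed for illustration.

```python
# Simplified model (assumption): a frame that enters on an isolated port is
# never forwarded out of another isolated port. Not the switch's actual code.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class IsolatingSwitch:
    def __init__(self, ports, isolated):
        self.ports = set(ports)
        self.isolated = set(isolated)   # ports set to no-local-switching
        self.mac_table = {}             # learned MAC -> port

    def _allowed(self, in_port, out_port):
        if out_port == in_port:
            return False
        # Only isolated-to-isolated forwarding is blocked.
        return not (in_port in self.isolated and out_port in self.isolated)

    def forward(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        self.mac_table[src_mac] = in_port            # learn the source MAC
        known = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or known is None:
            candidates = self.ports - {in_port}      # flood
        else:
            candidates = {known}
        return sorted(p for p in candidates if self._allowed(in_port, p))

def figure4_switch():
    # Ports from the scenario: hosts on 1, 2, 3; firewall/router on 64.
    return IsolatingSwitch(ports=[1, 2, 3, 64], isolated=[1, 2, 3])

def demo():
    sw = figure4_switch()
    # Constructed MAC addresses for the two hosts and the upstream router.
    host1, host2, router = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:64"
    return {
        # ARP requests from isolated hosts reach only the uplink, so only the
        # upstream device (via local proxy ARP) can answer them.
        "arp_from_host1": sw.forward(1, host1, BROADCAST),
        "arp_from_host2": sw.forward(2, host2, BROADCAST),
        # Direct host-to-host unicast is dropped even with the MAC learned.
        "host1_to_host2": sw.forward(1, host1, host2),
        # Traffic to and from the upstream device passes normally.
        "router_to_host1": sw.forward(64, router, host1),
        "host2_to_router": sw.forward(2, host2, router),
    }

if __name__ == "__main__":
    for name, out_ports in demo().items():
        print(name, out_ports)
```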