Configuring Port Attributes > About Port Isolation > Example Use-Case Configuration
Was this helpful?
Example Use-Case Configuration
In a typical scenario, as shown in Figure 4, ports 1, 2, and 3 configured as isolated ports so the hosts attached to these ports cannot communicate with each other directly, but only through the upstream firewall or router connected to port 64.
As shown in Figure 4, create the configuration as follows:
 
PN-HA1
CLI network-admin@Leaf1 > port-config-modify port 1 no-local-switching
CLI network-admin@Leaf1 > port-config-modify port 2 no-local switching
PN-HA2
CLI network-admin@Leaf1 > port-config-modify port 2 no-local-switching
CLI network-admin@Leaf1 > port-config-modify port 3 no-local-switching
 
Figure 4:Port Isolation scenario
 
Typically, you configure the upstream router or firewall to perform local proxy ARPs and/or NDP proxy and respond to all ARP requests and/or Neighbor Solicitations coming from isolated hosts. To avoid interfering with local proxy ARPs and NDP proxy, disable ARP and ND Optimization as follows:
CLI network-admin@Leaf1 > system-settings-modify no-optimize-arps
CLI network-admin@Leaf1 > system-settings-modify no-optimize-nd