Configuring Port Isolation


To configure Port Isolation, use the following steps:


  1. Configure the isolated ports. In this example, ports 1 and 2:


CLI (network-admin@Leaf1) > port-config-modify port 1,2 no-local-switching


  1. Optionally, configure the port link state association. A port association is required to match the link state of downlink isolated ports with the one of uplink ports. When all uplink ports are down, downlink isolated ports are administratively disabled until one of the uplinks becomes operational again. In this example, the port association name is PA, uplink (master), ports value is 64, and isolated downlink (slave) ports value are 1, 2.


CLI (network-admin@Leaf1) > port-association-create-name PA master-ports 64 slave-ports 1,2 policy any-master


  1. Optionally, disable ARP and ND optimization.


CLI (network-admin@Leaf1) > system-settings-modify no-optimize-arps


CLI (network-admin@Leaf1) > system-settings-modify no-optimize-nd


This feature uses the command no-local-switching for the port-config-modify command. To configure one or more isolated ports:


CLI (network-admin@Leaf1) > port-config-modify port port-list no-local-switching


To view ports that are impacted by the no-local-switching command, use the port-egress-show command:


switch

------

port

----

egress

------

rx-only

-------

active-active-vlags

------------

loopback

--------

mir-prevent-out

------------

no-local-switching-out

-------------

1

0-72

none

none

none

none

none

none

2

0-72

none

none

none

none

none

none

3

0-72

none

none

none

none

none

none

4

0-72

none

none

none

none

none

none

5

0-4,11-72

none

none

none

none

none

5-10

6

0-4,11-72

none

none

none

none

none

5-10

7

0-4,11-72

none

none

none

none

none

5-10

8

0-4,11-72

none

none

none

none

none

5-10


The following Port Isolation options for the trunk-create, trunk-modify, and trunk-show commands are as follows:


CLI (network-admin@Leaf1) > trunk-create


trunk-create

Create a trunk configuration for link aggregation

One or more of the following options:

local-switching|no-local-switching

Specify no-local-switching if you do not want the port to bridge traffic to another no-local-switching port.



CLI (network-admin@Leaf1) > trunk-modify


trunk-modify

Modify a trunk configuration for link aggregation

One or more of the following options:

reflect|noreflect

Specify if physical port reflection is enabled or not.



CLI (network-admin@Leaf1) > trunk-show 

 

trunk-show

Display trunk configuration

One or more of the following options:

reflect|noreflect

Displays if physical port reflection is enabled or not.