Home » HP Manuals » Servers » HP 6125G » Manual Viewer

HP 6125G HP 6125G & 6125G/XG Blade Switches Layer 2 - LAN Switching Co - Page 57

Configuring port isolation, Assigning a port to the isolation group

Add to My Manuals
Save this manual to your list of manuals

Page 57 highlights

Configuring port isolation Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can also use this feature to isolate the hosts in a VLAN from one another. To use the feature, assign ports to a port isolation group. Ports in an isolation group are called "isolated ports." One isolated port cannot forward Layer 2 traffic to any other isolated port on the same switch, even if they are in the same VLAN. An isolated port can communicate with any port outside the isolation group if they are in the same VLAN. The switch series supports only one isolation group "isolation group 1." The isolation group is automatically created and cannot be deleted. There is no limit on the number of member ports. Assigning a port to the isolation group Step 1. Enter system view. 2. Enter interface view. Command system-view • Enter Ethernet interface view: interface interface-type interface-number • Enter Layer 2 aggregate interface view: interface bridge-aggregation interface-number 3. Assign the port or ports to the isolation group as an isolated port-isolate enable port or ports. Remarks N/A Use one of the commands. • In Ethernet interface view, the subsequent configurations apply to the current port. • In Layer 2 aggregate interface view, the subsequent configurations apply to the Layer 2 aggregate interface and all its member ports. No ports are added to the isolation group by default. Displaying and maintaining the isolation group Task Display isolation group information. Command display port-isolate group [ | { begin | exclude | include } regular-expression ] Remarks Available in any view Port isolation configuration example Network requirements As shown in Figure 11, Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device, and Device is connected to the Internet through GigabitEthernet 1/0/4. All these ports are in the same VLAN. Configure Device to provide Internet access for all the hosts and isolate them from one another. 48

Section	Page
Title Page	1
Layer 2 - LAN Switching Configuration Guide	3
Configuring Ethernet interfaces	10
Ethernet interface naming conventions	10
Configuring the management Ethernet interface	10
Configuring basic settings of an Ethernet interface	11
Shutting down an Ethernet interface	12
Setting speed options for auto negotiation on an Ethernet interface	12
Configuring flow control on an Ethernet interface	13
Configuring link change suppression on an Ethernet interface	14
Configuring link-down event suppression	15
Configuring link-up event suppression	15
Configuring loopback testing on an Ethernet interface	15
Configuration restrictions and guidelines	16
Configuration procedure	16
Configuring jumbo frame support	16
Configuring storm suppression	17
Setting the statistics polling interval	17
Enabling loopback detection on an Ethernet interface	18
Configuration restrictions and guidelines	18
Configuration procedure	18
Setting the MDI mode of an Ethernet interface	19
Enabling bridging on an Ethernet interface	20
Testing the cable connection of an Ethernet interface	20
Configuring storm control on an Ethernet interface	21
Configuration restrictions and guidelines	21
Configuration procedure	21
Displaying and maintaining an Ethernet interface	22
Configuring loopback and null interfaces	24
Configuring a loopback interface	24
Introduction to the loopback interface	24
Configuration procedure	24
Configuring a null interface	25
Introduction to the null interface	25
Configuration procedure	25
Displaying and maintaining loopback and null interfaces	25
Bulk configuring interfaces	27
Configuration guidelines	27
Configuration procedure	27
Configuring the MAC address table	28
Overview	28
How a MAC address table entry is created	28
MAC address learning	28
Manually configuring MAC address entries	29
Types of MAC address table entries	29
MAC address table-based frame forwarding	29
Configuring static, dynamic, and blackhole MAC address table entries	29
Configuring a static or dynamic MAC address table entry in system view	30
Configuring a static or dynamic MAC address table entry in interface view	30
Configuring a blackhole MAC address entry	30
Disabling MAC address learning	30
Disabling global MAC address learning	31
Disabling MAC address learning on ports	31
Disabling MAC address learning on a VLAN	31
Configuring the aging timer for dynamic MAC address entries	31
Configuring the MAC learning limit on ports	32
Displaying and maintaining MAC address tables	32
MAC address table configuration example	33
Network requirements	33
Configuration procedure	33
Configuring MAC Information	35
Overview	35
Introduction to MAC Information	35
How MAC Information works	35
Enabling MAC Information globally	35
Enabling MAC Information on an interface	35
Configuring MAC Information mode	36
Configuring the interval for sending Syslog or trap messages	36
Configuring the MAC Information queue length	36
MAC Information configuration example	37
Network requirements	37
Configuration procedure	37
Configuring Ethernet link aggregation	38
Overview	38
Basic concepts	38
Aggregation group, member port, and aggregate interface	38
Aggregation states of member ports in an aggregation group	38
Operational key	38
Configuration classes	39
Reference port	39
LACP	39
Link aggregation modes	40
Aggregating links in static mode	41
Selecting a reference port	41
Setting the aggregation state of each member port	41
Aggregating links in dynamic mode	42
Selecting a reference port	42
Setting the aggregation state of each member port	42
Load-sharing criteria for link aggregation groups	43
Configuration restrictions and guidelines	44
Ethernet link aggregation configuration task list	44
Configuring an aggregation group	44
Configuration guidelines	44
Configuring a static aggregation group	45
Configuring a Layer 2 static aggregation group	45
Configuring a dynamic aggregation group	46
Configuring a Layer 2 dynamic aggregation group	46
Configuring an aggregate interface	47
Configuring the description of an aggregate interface	47
Enabling link state traps for an aggregate interface	47
Limiting the number of Selected ports for an aggregation group	48
Configuration guidelines	48
Shutting down an aggregate interface	48
Restoring the default settings for an aggregate interface	49
Configuring load sharing for link aggregation groups	49
Configuring load-sharing criteria for link aggregation groups	49
Configuring the global link-aggregation load-sharing criteria	49
Configuring group-specific load-sharing criteria	50
Enabling local-first load sharing for link aggregation	50
Displaying and maintaining Ethernet link aggregation	51
Ethernet link aggregation configuration examples	52
Layer 2 static aggregation configuration example	52
Network requirements	52
Configuration procedure	53
Layer 2 dynamic aggregation configuration example	54
Network requirements	54
Configuration procedure	54
Configuring port isolation	57
Assigning a port to the isolation group	57
Displaying and maintaining the isolation group	57
Port isolation configuration example	57
Network requirements	57
Configuration procedure	58
Configuring spanning tree protocols	59
STP	59
STP protocol packets	59
Basic concepts in STP	60
Root bridge	60
Root port	60
Designated bridge and designated port	60
Path cost	60
Calculation process of the STP algorithm	61
The configuration BPDU forwarding mechanism of STP	65
STP timers	65
RSTP	66
MSTP	66
STP and RSTP limitations	66
MSTP features	66
MSTP basic concepts	67
MST region	68
MSTI	68
VLAN-to-instance mapping table	68
CST	68
IST	68
CIST	68
Regional root	68
Common root bridge	69
Port roles	69
Port states	70
How MSTP works	70
CIST calculation	70
MSTI calculation	70
Implementation of MSTP on devices	71
Protocols and standards	71
Spanning tree configuration task list	71
Configuration restrictions and guidelines	71
STP configuration task list	72
RSTP configuration task list	72
MSTP configuration task list	73
Setting the spanning tree mode	75
Configuring an MST region	75
Configuring the root bridge or a secondary root bridge	76
Configuration restrictions and guidelines	76
Configuring the current device as the root bridge of a specific spanning tree	77
Configuring the current device as a secondary root bridge of a specific spanning tree	77
Configuring the device priority	77
Configuring the maximum hops of an MST region	78
Configuring the network diameter of a switched network	78
Configuring spanning tree timers	79
Configuration restrictions and guidelines	79
Configuration procedure	79
Configuring the timeout factor	80
Configuring the maximum port rate	80
Configuring edge ports	81
Configuration restrictions and guidelines	81
Configuration procedure	81
Configuring path costs of ports	82
Specifying a standard for the device to use when it calculates the default path cost	82
Configuration restrictions and guidelines	83
Configuration procedure	83
Configuring path costs of ports	83
Configuration example	84
Configuring the port priority	84
Configuring the port link type	85
Configuration restrictions and guidelines	85
Configuration procedure	85
Configuring the mode a port uses to recognize or send MSTP packets	85
Enabling outputting port state transition information	86
Enabling the spanning tree feature	86
Performing mCheck	87
Performing mCheck globally	87
Performing mCheck in interface view	87
Configuring Digest Snooping	88
Configuration restrictions and guidelines	88
Configuration procedure	88
Digest Snooping configuration example	89
Network requirements	89
Configuration procedure	89
Configuring No Agreement Check	90
Configuration prerequisites	91
Configuration procedure	91
No Agreement Check configuration example	92
Network requirements	92
Configuration procedure	92
Configuring TC snooping	92
Configuration restrictions and guidelines	93
Configuration procedure	93
Configuring protection functions	93
Configuration prerequisites	93
Enabling BPDU guard	93
Enabling root guard	94
Enabling loop guard	95
Enabling TC-BPDU guard	95
Displaying and maintaining the spanning tree	96
MSTP configuration example	96
Network requirements	96
Configuration procedure	97
Configuring BPDU tunneling	101
Overview	101
Background	101
BPDU tunneling implementation	102
Enabling BPDU tunneling	103
Configuration prerequisites	103
Configuration restrictions and guidelines	104
Configuration procedure	104
Enabling BPDU tunneling for a protocol in Layer 2 Ethernet interface view	104
Enabling BPDU tunneling for a protocol in Layer 2 aggregate interface view	104
Configuring destination multicast MAC address for BPDUs	104
BPDU tunneling configuration examples	105
BPDU tunneling for STP configuration example	105
Network requirements	105
Configuration procedure	105
BPDU tunneling for PVST configuration example	106
Network requirements	106
Configuration procedure	107
Configuring VLANs	108
Overview	108
VLAN fundamentals	108
VLAN types	109
Protocols and standards	110
Configuring basic VLAN settings	110
Configuration restrictions and guidelines	110
Configuration procedure	110
Configuring basic settings of a VLAN interface	111
Configuration procedure	111
VLAN interface configuration example	111
Network requirements	111
Configuration procedure	112
Verifying the configurations	112
Configuring port-based VLANs	113
Introduction to port-based VLAN	113
Port link type	113
PVID	113
Assigning an access port to a VLAN	114
Assigning a trunk port to a VLAN	115
Assigning a hybrid port to a VLAN	116
Port-based VLAN configuration example	117
Network requirements	117
Configuration procedure	118
Verifying the configurations	118
Configuring MAC-based VLANs	119
Introduction to MAC-based VLAN	119
Static MAC-based VLAN assignment	119
Dynamic MAC-based VLAN assignment	119
Dynamic MAC-based VLAN	121
Configuration restrictions and guidelines	121
Configuration procedure	121
MAC-based VLAN configuration example	124
Network requirements	124
Configuration consideration	124
Configuration procedure	124
Verifying the configuration	125
Configuration guidelines	126
Configuring protocol-based VLANs	126
Introduction to protocol-based VLAN	126
Configuration restrictions and guidelines	126
Configuration procedure	126
Protocol-based VLAN configuration example	127
Network requirements	127
Configuration consideration	128
Configuration procedure	128
Verifying the configurations	129
Configuration guidelines	130
Configuring IP subnet-based VLANs	130
Configuration procedure	130
IP subnet-based VLAN configuration example	131
Network requirements	131
Configuration consideration	131
Configuration procedure	131
Verifying the configurations	132
Configuration guidelines	132
Displaying and maintaining VLAN	133
Configuring an isolate-user-VLAN	134
Overview	134
Configuration restrictions and guidelines	135
Configuration procedure	135
Displaying and maintaining isolate-user-VLAN	136
Isolate-user-VLAN configuration example	137
Network requirements	137
Configuration procedure	137
Verifying the configuration	138
Configuring a voice VLAN	140
Overview	140
OUI addresses	140
Voice VLAN assignment modes	140
Security mode and normal mode of voice VLANs	142
Configuration prerequisites	143
Configuring QoS priority settings for voice traffic on an interface	143
Configuration restrictions and guidelines	144
Configuration procedure	144
Configuring a port to operate in automatic voice VLAN assignment mode	144
Configuration restrictions and guidelines	144
Configuration procedure	145
Configuring a port to operate in manual voice VLAN assignment mode	145
Configuration restrictions and guidelines	145
Configuration procedure	146
Displaying and maintaining voice VLAN	146
Voice VLAN configuration examples	147
Automatic voice VLAN mode configuration example	147
Network requirements	147
Configuration procedure	147
Verifying the configurations	148
Manual voice VLAN assignment mode configuration example	149
Network requirements	149
Configuration procedure	149
Verifying the configurations	149
Configuring GVRP	151
Overview	151
GARP	151
How GARP works	151
GARP messages	151
GARP timers	152
GARP PDU format	153
GVRP	154
GVRP overview	154
GVRP registration modes	154
Protocols and standards	154
GVRP configuration task list	154
Configuring GVRP functions	155
Configuration restrictions and guidelines	155
Configuration procedure	155
Configuring the GARP timers	156
Displaying and maintaining GVRP	157
GVRP configuration examples	157
GVRP normal registration mode configuration example	157
Network requirements	157
Configuration procedure	158
GVRP fixed registration mode configuration example	159
Network requirements	159
Configuration procedure	159
GVRP forbidden registration mode configuration example	160
Network requirements	160
Configuration procedure	160
Configuring QinQ	163
Overview	163
Background and benefits	163
How QinQ works	163
QinQ frame structure	164
Implementations of QinQ	165
Modifying the TPID in a VLAN tag	165
Protocols and standards	166
QinQ configuration task list	166
Configuring basic QinQ	167
Enabling basic QinQ	167
Configuring VLAN transparent transmission	167
Configuration restrictions and guidelines	167
Configuration procedure	167
Configuring selective QinQ	168
Configuring an outer VLAN tagging policy	168
Configuring an inner-outer VLAN 802.1p priority mapping	169
Configuring inner VLAN ID substitution	170
Configuring the TPID value in VLAN tags	171
Configuration restrictions and guidelines	171
Configuration procedure	171
QinQ configuration examples	172
Basic QinQ configuration example	172
Network requirements	172
Configuration procedure	172
VLAN transparent transmission configuration example	174
Network requirements	174
Configuration procedure	174
Simple selective QinQ configuration example	175
Network requirements	175
Configuration procedure	176
Comprehensive selective QinQ configuration example	178
Network requirements	178
Configuration procedure	179
Configuring VLAN mapping	183
Overview	183
Application scenario of one-to-one VLAN mapping	183
Application scenario of one-to-two and two-to-two VLAN mapping	184
Concepts and terms	185
VLAN mapping implementations	186
One-to-one VLAN mapping	186
One-to-two VLAN mapping	186
Two-to-two VLAN mapping	187
VLAN mapping configuration tasks	187
Configuring one-to-one VLAN mapping	188
Configuration prerequisites	188
Configuring an uplink policy	188
Configuring a downlink policy	188
Configuring the customer-side port	189
Configuring the network-side port	189
Configuring one-to-two VLAN mapping	190
Configuration prerequisites	190
Configuring an uplink policy	190
Configuring the customer-side port	191
Configuring the network-side port	191
Configuring two-to-two VLAN mapping	192
Configuring an uplink policy for the customer-side port	193
Configuring an uplink policy for the network-side port	193
Configuring a downlink policy for the customer-side port	194
Configuring the customer-side port	195
Configuring the network-side port	195
VLAN mapping configuration examples	196
One-to-one VLAN mapping configuration example	196
Network requirements	196
Configuration procedure	197
One-to-two and two-to-two VLAN mapping configuration example	199
Network requirements	199
Configuration procedure	200
Configuring LLDP	203
Overview	203
Background	203
Basic concepts	203
LLDPDU formats	203
LLDPDUs	204
TLVs	205
LLDP-MED TLVs	206
Management address	207
How LLDP works	207
Operating modes of LLDP	207
Transmitting LLDPDUs	207
Receiving LLDPDUs	208
Protocols and standards	208
LLDP configuration task list	208
Performing basic LLDP configuration	208
Enabling LLDP	208
Setting the LLDP operating mode	209
Setting the LLDP re-initialization delay	209
Enabling LLDP polling	209
Configuring the advertisable TLVs	210
Configuring the management address and its encoding format	210
Setting other LLDP parameters	211
Configuration restrictions and guidelines	211
Configuration procedure	211
Setting an encapsulation format for LLDPDUs	212
Configuring CDP compatibility	212
Configuration prerequisites	212
Configuration procedure	213
Configuring LLDP to advertise a specific voice VLAN	213
Configuration guidelines	213
Configuration procedure	214
Dynamically advertising server-assigned VLANs through LLDP	214
Configuring LLDP trapping	215
Displaying and maintaining LLDP	215
LLDP configuration examples	216
Basic LLDP configuration example	216
Network requirements	216
Configuration procedure	216
CDP-compatible LLDP configuration example	218
Network requirements	218
Configuration procedure	219
Configuring a service loopback group	221
Overview	221
Service types of service loopback groups	221
Requirements on service loopback ports	221
States of service loopback ports	221
Setting the state of service loopback ports	221
Configuration restrictions and guidelines	222
Configuration procedure	222
Displaying and maintaining service loopback groups	223
Service loopback group configuration example	223
Network requirements	223
Configuration procedure	223
Configuring Layer 2 forwarding	225
Configuring cut-through forwarding	225
Support and other resources	226
Contacting HP	226
Subscription service	226
Related information	226
Documents	226
Websites	226
Conventions	227
Command conventions	227
GUI conventions	227
Symbols	227
Network topology icons	228
Port numbering in examples	228

Match case Limit results 1 per page

Configuring port isolation

Port isolation enables isolating Layer 2 traffic for data privacy and security without using VLANs. You can

also use this feature to isolate the hosts in a VLAN from one another.

To use the feature, assign ports to a port isolation group. Ports in an isolation group are called "isolated

ports." One isolated port cannot forward Layer 2 traffic to any other isolated port on the same switch,

even if they are in the same VLAN. An isolated port can communicate with any port outside the isolation

group if they are in the same VLAN.

The switch series supports only one isolation group "isolation group 1." The isolation group is

automatically created and cannot be deleted. There is no limit on the number of member ports.

Assigning a port to the isolation group

Step

Command

Remarks

Enter system view.

system-view

N/A

Enter interface view.

•

Enter Ethernet interface view:

interface

interface-type

interface-number

•

Enter Layer 2 aggregate

interface view:

interface bridge-aggregation

interface-number

Use one of the commands.

•

In Ethernet interface view, the

subsequent configurations

apply to the current port.

•

In Layer 2 aggregate interface

view, the subsequent

configurations apply to the

Layer 2 aggregate interface

and all its member ports.

Assign the port or ports to the

isolation group as an isolated

port or ports.

port-isolate enable

No ports are added to the isolation

group by default.

Displaying and maintaining the isolation group

Task

Command

Remarks

Display isolation group

information.

display port-isolate group

[

{

begin

exclude

include

}

regular-expression

]

Available in any view

Port isolation configuration example

Network requirements

As shown in

Figure 11

, Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1,

GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device, and Device is connected to the Internet

through GigabitEthernet 1/0/4. All these ports are in the same VLAN.

Configure Device to provide Internet access for all the hosts and isolate them from one another.

HP 6125G HP 6125G &amp; 6125G/XG Blade Switches Layer 2 - LAN Switching Co - Page 57

Configuring port isolation, Assigning a port to the isolation group

Page 57 highlights

HP 6125G HP 6125G & 6125G/XG Blade Switches Layer 2 - LAN Switching Co - Page 57