In What Scenarios Can Port Isolation Be Used?
To implement Layer 2 isolation between interfaces, you can add interfaces to different VLANs. However, this method consumes many VLAN resources. Port isolation can also isolate interfaces in the same VLAN. You can add interfaces to a port isolation group to implement Layer 2 isolation between these interfaces. Port isolation provides secure and flexible networking schemes.
Figure 1 shows the port isolation method and application scenario. PC1, PC2, and PC3 belong to VLAN 10. After GE1/0/1 and GE1/0/2 connected to PC1 and PC2 are added to a port isolation group, PC1 and PC2 cannot communicate with each other in VLAN 10. PC3 can still communicate with PC1 and PC2.
Figure 1 Port isolation example
You can configure unidirectional port isolation in the following situation: Multiple hosts connect to a device through different interfaces. One of the hosts may send a large number of broadcast packets to other hosts, causing security risks. You can configure unidirectional port isolation to isolate the risky host from other hosts.
As show in Figure 2, PC4 may threaten network security by sending a large number of broadcast packets to other hosts. You can configure unidirectional port isolation on GE1/0/4 connected to PC4 to block packets sent from this interface to GE1/0/5 and GE1/0/6. In this way, broadcast packets sent from PC4 cannot reach PC5 or PC6, but broadcast packets sent from PC5 and PC6 can reach PC4.
Figure 2 Unidirectional port isolation example