Port Isolation

User avatar
sirhc
Employee
Employee
 
Posts: 7421
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1609 times
Been thanked: 1326 times

Re: Port Isolation

Sun Jan 25, 2015 11:48 am

I am not sure we have the option of specifying VLANs for "port" isolation with out switch core. but I will explore it. MT is a soft switch meaning it is all handled in software where are we are using a switch core.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

User avatar
mike99
Associate
Associate
 
Posts: 837
Joined: Tue Nov 25, 2014 10:53 am
Location: Quebec, Canada
Has thanked: 95 times
Been thanked: 245 times

Re: Port Isolation

Fri Jan 30, 2015 10:45 am

Just tryed it on RC15. Working fine. For those who would like to know how it work (since I didn't find any information about it), ports with isolation active won't be able to communicate with other ports with port isolation active but the will be able to communicate with every ports that ports isolation si not active.

That not what I expected but it will be enough for my need and it's really easy to configure and understand. In the end, it's even better for our need since any tech on the field will be able to understand and configure it without needing help of our sys admin team.

User avatar
adairw
Associate
Associate
 
Posts: 465
Joined: Wed Nov 05, 2014 11:47 pm
Location: Amarillo, TX
Has thanked: 98 times
Been thanked: 132 times

Re: Port Isolation

Fri Jan 30, 2015 10:51 am

Thanks for the detail. did you happen to test with any vlans enabled? does it also isolate the vlans?
I haven't been able to spend any time testing yet, but that's really where I want/need it is on vlan on an interface.
IF it isolates anything on that port plus the vlan's that would be perfect.

User avatar
mike99
Associate
Associate
 
Posts: 837
Joined: Tue Nov 25, 2014 10:53 am
Location: Quebec, Canada
Has thanked: 95 times
Been thanked: 245 times

Re: Port Isolation

Fri Jan 30, 2015 3:16 pm

Everything was still pluged so I gived it a try. I added VLAN 100 to every device, the netonix still can ping both isolated device, my pc with tagged vlan (iso disable on this port) still can ping both edgerouter on VLAN 100 (tagged VLAN) both a a port with iso enabled. With iso enabled on both port the're connected to, the 2 edgerouter can't ping each other.

Everything seem also fine on VLAN also. Traffic between ports tagged on the same VLAN won't be able to communicate between each one. Inter-VLANs traffic pass through the router so the switch (layer 2 only) won't be able to block this traffic. If it's what your looking for, it's the job of your router to do so via paquets filtering.

User avatar
adairw
Associate
Associate
 
Posts: 465
Joined: Wed Nov 05, 2014 11:47 pm
Location: Amarillo, TX
Has thanked: 98 times
Been thanked: 132 times

Re: Port Isolation

Sat Jan 31, 2015 1:19 pm

That will work for me! whoop!

User avatar
wayneorack
Experienced Member
 
Posts: 129
Joined: Thu Sep 04, 2014 12:16 pm
Location: San Angelo, TX
Has thanked: 188 times
Been thanked: 64 times

Re: Port Isolation

Sat Jan 31, 2015 1:29 pm

adairw wrote:..." whoop!"


An Aggie? Really?

User avatar
amckillip
Member
 
Posts: 1
Joined: Wed May 06, 2015 1:47 pm
Location: Aurora, NE
Has thanked: 1 time
Been thanked: 0 time

Re: Port Isolation

Wed May 06, 2015 3:14 pm

Ok so if I am understanding this correctly we can isolate traffic between our AP ports and leave it off on the BH so the APs can get out to the internet. Am I understanding this correctly?

User avatar
sirhc
Employee
Employee
 
Posts: 7421
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1609 times
Been thanked: 1326 times

Re: Port Isolation

Wed May 06, 2015 4:32 pm

Ports that have Port Isolation checked on the Ports Tab can not talk to another port that also has Port Isolation checked but can talk to ports that do not have Port Isolation Checked.

Ports that do not have Port Isolation Checked can talk to all port.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

philipt
Member
 
Posts: 1
Joined: Fri May 06, 2016 10:59 pm
Has thanked: 0 time
Been thanked: 0 time

Re: Port Isolation

Sun May 08, 2016 9:29 pm

I hate reopening an old tread, but I seem to have an issue with this... I have a wireless access point on a Port that is Isolated and a cisco switch plugged into another Isolated port. It seems however the computers on the switch and the computers on the Access Point can access each other. Am I misunderstanding how this is supposed to work or is the Cisco somehow messing things up?

Thanks

User avatar
Eric Stern
Employee
Employee
 
Posts: 532
Joined: Wed Apr 09, 2014 9:41 pm
Location: Toronto, Ontario
Has thanked: 0 time
Been thanked: 130 times

Re: Port Isolation

Mon May 09, 2016 9:21 am

Port isolation prevents traffic being passed between isolated ports on layer 2. But if the traffic makes it to a router its quite possible for the devices to be able to communicate at layer 3. You would have to use a firewall or similar mechanism to prevent communication at layer 3.

Previous
Return to General Discussion

Who is online

Users browsing this forum: Google [Bot] and 60 guests