Port Isolation
-
sirhc - Employee
- Posts: 7421
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1609 times
- Been thanked: 1326 times
Re: Port Isolation
I am not sure we have the option of specifying VLANs for "port" isolation with out switch core. but I will explore it. MT is a soft switch meaning it is all handled in software where are we are using a switch core.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
-
mike99 - Associate
- Posts: 837
- Joined: Tue Nov 25, 2014 10:53 am
- Location: Quebec, Canada
- Has thanked: 95 times
- Been thanked: 245 times
Re: Port Isolation
Just tryed it on RC15. Working fine. For those who would like to know how it work (since I didn't find any information about it), ports with isolation active won't be able to communicate with other ports with port isolation active but the will be able to communicate with every ports that ports isolation si not active.
That not what I expected but it will be enough for my need and it's really easy to configure and understand. In the end, it's even better for our need since any tech on the field will be able to understand and configure it without needing help of our sys admin team.
That not what I expected but it will be enough for my need and it's really easy to configure and understand. In the end, it's even better for our need since any tech on the field will be able to understand and configure it without needing help of our sys admin team.
-
adairw - Associate
- Posts: 465
- Joined: Wed Nov 05, 2014 11:47 pm
- Location: Amarillo, TX
- Has thanked: 98 times
- Been thanked: 132 times
Re: Port Isolation
Thanks for the detail. did you happen to test with any vlans enabled? does it also isolate the vlans?
I haven't been able to spend any time testing yet, but that's really where I want/need it is on vlan on an interface.
IF it isolates anything on that port plus the vlan's that would be perfect.
I haven't been able to spend any time testing yet, but that's really where I want/need it is on vlan on an interface.
IF it isolates anything on that port plus the vlan's that would be perfect.
-
mike99 - Associate
- Posts: 837
- Joined: Tue Nov 25, 2014 10:53 am
- Location: Quebec, Canada
- Has thanked: 95 times
- Been thanked: 245 times
Re: Port Isolation
Everything was still pluged so I gived it a try. I added VLAN 100 to every device, the netonix still can ping both isolated device, my pc with tagged vlan (iso disable on this port) still can ping both edgerouter on VLAN 100 (tagged VLAN) both a a port with iso enabled. With iso enabled on both port the're connected to, the 2 edgerouter can't ping each other.
Everything seem also fine on VLAN also. Traffic between ports tagged on the same VLAN won't be able to communicate between each one. Inter-VLANs traffic pass through the router so the switch (layer 2 only) won't be able to block this traffic. If it's what your looking for, it's the job of your router to do so via paquets filtering.
Everything seem also fine on VLAN also. Traffic between ports tagged on the same VLAN won't be able to communicate between each one. Inter-VLANs traffic pass through the router so the switch (layer 2 only) won't be able to block this traffic. If it's what your looking for, it's the job of your router to do so via paquets filtering.
-
wayneorack - Experienced Member
- Posts: 129
- Joined: Thu Sep 04, 2014 12:16 pm
- Location: San Angelo, TX
- Has thanked: 188 times
- Been thanked: 64 times
-
amckillip - Member
- Posts: 1
- Joined: Wed May 06, 2015 1:47 pm
- Location: Aurora, NE
- Has thanked: 1 time
- Been thanked: 0 time
Re: Port Isolation
Ok so if I am understanding this correctly we can isolate traffic between our AP ports and leave it off on the BH so the APs can get out to the internet. Am I understanding this correctly?
-
sirhc - Employee
- Posts: 7421
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1609 times
- Been thanked: 1326 times
Re: Port Isolation
Ports that have Port Isolation checked on the Ports Tab can not talk to another port that also has Port Isolation checked but can talk to ports that do not have Port Isolation Checked.
Ports that do not have Port Isolation Checked can talk to all port.
Ports that do not have Port Isolation Checked can talk to all port.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
- philipt
- Member
- Posts: 1
- Joined: Fri May 06, 2016 10:59 pm
- Has thanked: 0 time
- Been thanked: 0 time
Re: Port Isolation
I hate reopening an old tread, but I seem to have an issue with this... I have a wireless access point on a Port that is Isolated and a cisco switch plugged into another Isolated port. It seems however the computers on the switch and the computers on the Access Point can access each other. Am I misunderstanding how this is supposed to work or is the Cisco somehow messing things up?
Thanks
Thanks
-
Eric Stern - Employee
- Posts: 532
- Joined: Wed Apr 09, 2014 9:41 pm
- Location: Toronto, Ontario
- Has thanked: 0 time
- Been thanked: 130 times
Re: Port Isolation
Port isolation prevents traffic being passed between isolated ports on layer 2. But if the traffic makes it to a router its quite possible for the devices to be able to communicate at layer 3. You would have to use a firewall or similar mechanism to prevent communication at layer 3.
Who is online
Users browsing this forum: No registered users and 104 guests