CLI commands
Syntax
vlan vid isolate-list port-list
A VLAN will have only one isolate-list.
A port which is on the isolate-list for one VLAN can be in a forward-list or isolate-list for a different VLAN.
Isolate-list command example
switch(config)# vlan <1> isolate-list <a1-a4>
The example command allows ports a1-a4 to talk to each other on ports other than VLAN 1.
Any VLAN 1 packets received on port a1-a4 will not be forwarded to ports a1-a4. This applies to all hosts on port a1-a4, no matter if the source MAC address is authenticated or not. Additionally, there is a small window when learning a new source MAC address where packets from that address are not forwarded to ports a1-a4 dropped. Which means traffic received from a client on ports a1-a4 will not be forwarded to any other port and VLAN until the client’s MAC learned. This applies only to newly learned hosts.
| Designation | Definition | Assigned VLAN |
|---|---|---|
|
G |
guest users |
1 |
|
V |
voice users |
2 |
|
AU |
authenticated users |
3 |
|
B1 |
uplink port |
|
|
A1, A2, A3, A4 |
ports on 2920 switch |
The requirements are:
-
Guest users should not able to talk to each-other.
-
Guest users should be able to talk to Uplink port and vice-versa.
-
Voice Users should be able to talk to each other.
-
Authenticated users should be able to talk to each other
|
State |
User |
Behavior |
|---|---|---|
|
Unknown SA - MAC Table is not Programmed. |
Guest User |
Drop on all isolate ports coming on any VLAN |
|
Unknown SA - MAC Table is not Programmed. |
Authenticated User |
Drop on all isolate ports coming on any VLAN |
|
Unknown SA - MAC Table is not Programmed. |
Voice User |
Drop on all isolate ports coming on any VLAN |
|
MAC Table is Programmed. |
Guest User |
Drop on all isolate ports coming on the particular VLAN |
|
MAC Table is Programmed. |
Authenticated User |
Forward for authenticated users. |
|
MAC Table is Programmed. |
Voice User |
Forward for Voice Users. |