CLI commands

Syntax


vlan vid isolate-list port-list
NOTE:

A VLAN will have only one isolate-list.

A port which is on the isolate-list for one VLAN can be in a forward-list or isolate-list for a different VLAN.

Isolate-list command example


switch(config)# vlan <1> isolate-list <a1-a4>

The example command allows ports a1-a4 to talk to each other on VLANs other than VLAN 1.

Any VLAN 1 packets received on ports a1-a4 will not be forwarded to ports a1-a4. This applies to all hosts on ports a1-a4, regardless of whether the source MAC address is authenticated. Additionally, there is a small window when learning a new source MAC address during which packets from that address are dropped. This means that traffic received from a client on ports a1-a4 will not be forwarded to any other port and VLAN until the client’s MAC address is learned. This applies only to newly learned hosts.

Table 12: Switch, user, VLAN mapping key

Designation       Definition              Assigned VLAN
G                 guest users             1
V                 voice users             2
AU                authenticated users     3
B1                uplink port
A1, A2, A3, A4    ports on 2920 switch

The requirements are:

  1. Guest users should not be able to talk to each other.

  2. Guest users should be able to talk to the uplink port and vice versa.

  3. Voice users should be able to talk to each other.

  4. Authenticated users should be able to talk to each other.

In this example, packets with an unknown source address (SA) MAC are dropped on the ports that are in the isolate-list, irrespective of the VLAN. If the switch receives a packet from a host on a port configured with the source-VLAN filter (an isolate-list port), the packet is not forwarded until the host’s MAC address is programmed in the MAC table.
Table 13: MAC table

State                                        User                  Behavior
Unknown SA - MAC Table is not Programmed.    Guest User            Drop on all isolate ports coming on any VLAN
Unknown SA - MAC Table is not Programmed.    Authenticated User    Drop on all isolate ports coming on any VLAN
Unknown SA - MAC Table is not Programmed.    Voice User            Drop on all isolate ports coming on any VLAN
MAC Table is Programmed.                     Guest User            Drop on all isolate ports coming on the particular VLAN
MAC Table is Programmed.                     Authenticated User    Forward for authenticated users.
MAC Table is Programmed.                     Voice User            Forward for Voice Users.
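
The following Python sketch is an added illustration, not vendor code or the switch's forwarding implementation. It models the behavior described above for the example command (VLAN 1 isolate-list a1-a4) and checks the four requirements against it. The function names are hypothetical, and the model assumes that every port carries VLANs 1, 2 and 3 and that a packet with an unknown SA arriving on an isolate-list port is not forwarded anywhere until the MAC is learned.

```python
# Simplified model of the isolate-list behavior described on this page.
# Assumption: all five ports carry VLANs 1 (guest), 2 (voice) and 3 (authenticated).
ACCESS = ["a1", "a2", "a3", "a4"]
UPLINK = "b1"
ISOLATE = {1: {"a1", "a2", "a3", "a4"}}   # models: vlan 1 isolate-list a1-a4


def isolate_ports(isolate):
    """Every port that appears on any VLAN's isolate-list."""
    return set().union(*isolate.values())


def forward(in_port, out_port, vlan, sa_learned, isolate=ISOLATE):
    """Return (forwarded, reason) for one frame from in_port to out_port."""
    if in_port == out_port:
        return False, "same port"
    # Learning window: unknown SA on an isolate-list port is dropped on any VLAN.
    if in_port in isolate_ports(isolate) and not sa_learned:
        return False, "unknown SA on isolate port: dropped on any VLAN"
    # Learned SA: only traffic between two ports on this VLAN's list is blocked.
    listed = isolate.get(vlan, set())
    if in_port in listed and out_port in listed:
        return False, "both ports on this VLAN's isolate-list"
    return True, "forwarded"


def check_requirements(isolate=ISOLATE):
    """Evaluate requirements 1-4 plus the learning-window rule for a config."""
    def ok(src, dst, vlan, learned=True):
        return forward(src, dst, vlan, learned, isolate)[0]

    pairs = [(p, q) for p in ACCESS for q in ACCESS if p != q]
    return {
        "guest_isolated": not any(ok(p, q, 1) for p, q in pairs),
        "guest_uplink": all(ok(p, UPLINK, 1) and ok(UPLINK, p, 1) for p in ACCESS),
        "voice_peer": all(ok(p, q, 2) for p, q in pairs),
        "auth_peer": all(ok(p, q, 3) for p, q in pairs),
        "unlearned_dropped": not any(
            ok(p, q, v, learned=False) for p, q in pairs for v in (1, 2, 3)
        ),
    }


if __name__ == "__main__":
    for name, passed in check_requirements().items():
        print(f"{name}: {'pass' if passed else 'FAIL'}")
    # A constructed misconfiguration: a4 left off the list breaks guest isolation.
    print(check_requirements({1: {"a1", "a2", "a3"}}))
```

Passing a different isolate mapping to check_requirements shows which requirement a planned change would break before it is applied to the switch.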