Isolate-list command example
The example command allows ports a1-a4 to talk to each other on VLANs other than VLAN 1.
Any VLAN 1 packets received on ports a1-a4 will not be forwarded to ports a1-a4. This applies to all hosts on ports a1-a4, regardless of whether the source MAC address is authenticated. Additionally, there is a small window while a new source MAC address is being learned during which packets from that address are dropped. This means traffic received from a client on ports a1-a4 will not be forwarded to any other port or VLAN until the client's MAC address is learned. This applies only to newly learned hosts.
Switch, user, VLAN mapping key
Designation | Definition | Assigned VLAN |
---|---|---|
G | guest users | 1 |
V | voice users | 2 |
AU | authenticated users | 3 |
B1 | uplink port | |
A1, A2, A3, A4 | ports on 2920 switch | |
In this example, packets from any unknown source MAC address (SA) will be dropped on the ports in the isolate-list, irrespective of the VLAN. If the switch receives a packet from a host on a port configured with the source-VLAN filter (an isolate-list port), the packet will not be forwarded until the host's MAC address is programmed in the MAC table.
MAC table
State | User | Behavior |
---|---|---|
Unknown SA - MAC Table is not Programmed. | Guest User | Drop on all isolate ports coming on any VLAN |
Unknown SA - MAC Table is not Programmed. | Authenticated User | Drop on all isolate ports coming on any VLAN |
Unknown SA - MAC Table is not Programmed. | Voice User | Drop on all isolate ports coming on any VLAN |
MAC Table is Programmed. | Guest User | Drop on all isolate ports coming on the particular VLAN |
MAC Table is Programmed. | Authenticated User | Forward for authenticated users. |
MAC Table is Programmed. | Voice User | Forward for Voice Users. |