Versions Compared

...

In some scenarios you might need to isolate a group of devices from other groups; this can be done using the switch port isolation feature. This is useful when you have multiple networks but want to use a single switch: with port isolation you can allow certain switch ports to communicate only through a set of switch ports. In this example, devices on ether1-43 will only be able to communicate with devices that are on ether1-43, while devices on ether5ether4-85 will only be able to communicate with devices on ether5ether4-85 (ether1-43 is not able to communicate with ether5ether4-85).

Note

Port isolation is only available between ports that are members of the same switch.



To configure isolated switch groups you must first switch all ports:

Code Block
languageros
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes
add bridge=bridge1 interface=ether2 hw=yes
add bridge=bridge1 interface=ether3 hw=yes
add bridge=bridge1 interface=ether4 hw=yes
add bridge=bridge1 interface=ether5 hw=yes
add bridge=bridge1 interface=ether6 hw=yes
add bridge=bridge1 interface=ether7 hw=yes
add bridge=bridge1 interface=ether8 hw=yes


Note

By default, the bridge interface is configured with protocol-mode set to rstp. For some devices, this can disable hardware offloading because specific switch chips do not support this feature. See the Bridge Hardware Offloading section with supported features.

...

Code Block
languageros
/interface ethernet switch port-isolation
set ether1 forwarding-override=ether2,ether3,ether4
set ether2 forwarding-override=ether1,ether3,ether4
set ether3 forwarding-override=ether1,ether2,ether4
set ether4 forwarding-override=ether1,ether2,ether3

To create an isolated switch group for B devices:

Code Block
languageros
/interface ethernet switch port-isolation
set ether5ether4 forwarding-override=ether6,ether7,ether8
set ether6 forwarding-override=ether5,ether7,ether8
set ether7 forwarding-override=ether5,ether6,ether8
set ether8 forwarding-override=ether5,ether6,ether7ether4
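
An added example, not part of the MikroTik documentation: a Python check that parses port-isolation commands of the form shown above and reports any port whose forwarding-override departs from the intended groups. The sample configuration, the group names A and B with their ether1-4 and ether5-8 membership, and the function names are assumptions of this example.

```python
import re

# Constructed sample in the form of the port-isolation commands on this page.
# The split into ether1-4 (A) and ether5-8 (B) is an assumption of this example.
SAMPLE = """\
/interface ethernet switch port-isolation
set ether1 forwarding-override=ether2,ether3,ether4
set ether2 forwarding-override=ether1,ether3,ether4
set ether3 forwarding-override=ether1,ether2,ether4
set ether4 forwarding-override=ether1,ether2,ether3
set ether5 forwarding-override=ether6,ether7,ether8
set ether6 forwarding-override=ether5,ether7,ether8
set ether7 forwarding-override=ether5,ether6,ether8
set ether8 forwarding-override=ether5,ether6,ether7
"""
GROUPS = {"A": ["ether1", "ether2", "ether3", "ether4"],
          "B": ["ether5", "ether6", "ether7", "ether8"]}

LINE = re.compile(r"^set\s+(\S+)\s+forwarding-override=(\S+)$")

def parse_overrides(config):
    """Map each port to the set of ports its forwarding-override allows."""
    overrides = {}
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if m:
            overrides[m.group(1)] = set(m.group(2).split(","))
    return overrides

def audit(config, groups):
    """Return findings where the config departs from the intended groups."""
    overrides = parse_overrides(config)
    findings = []
    for name, ports in groups.items():
        for port in ports:
            allowed = set(ports) - {port}
            if port not in overrides:
                # Assumption: a port with no override keeps default forwarding.
                findings.append(f"{port}: no forwarding-override set")
                continue
            for extra in sorted(overrides[port] - allowed):
                findings.append(f"{port}: forwards to {extra}, outside group {name}")
            for missing in sorted(allowed - overrides[port]):
                findings.append(f"{port}: cannot reach group member {missing}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, GROUPS) or ["isolation matches the intended groups"]:
        print(finding)
```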

CPU Flow Control

All switch chips have a special port called switchX-cpu. This is the CPU port for a switch chip: it forwards traffic from the switch chip to the CPU and is required for management traffic and for routing features. By default, the switch chip ensures that this special CPU port is not congested and sends out Pause Frames when link capacity is exceeded, so that the port is not oversaturated; this feature is called CPU Flow Control. Without this feature, packets that might be crucial for routing or management purposes might get dropped.

...