
Restricting Traffic with Isolated Switch Ports

Port isolation allows a network administrator to prevent traffic from being sent between specific ports. This can be configured in addition to an existing VLAN configuration, so even client traffic within the same VLAN will be restricted. This article outlines how to configure isolated ports, as well as best practices and example implementations.

Configuration

Isolated ports can either be configured on a per-port basis, or in bulk. The following instructions explain how to enable isolation in Dashboard:

  1. Navigate to the Dashboard network containing the switch(es) to be configured.
  2. Select Configure > Switch ports.
  3. Click the check box on the left of each port.
  4. Click the Edit button to edit the port configuration.
  5. Set Isolation to “enabled” in the configuration window.
  6. Select Update to save the configuration.

Note: Isolation can also be enabled/disabled on individual switch ports, on the switch's page in Dashboard.

Implementation and Best Practices

When ports on a switch have been isolated, the MS will not send any layer-2 network traffic from one isolated port to another. This can be useful in a multi-tenant environment, for example, where clients should be unable to send traffic to each other.

In the following two example diagrams, the orange ports indicate isolated ports, and the green ports have isolation disabled. The topology below is an example of port isolation being used to block inter-client communication, while still allowing Internet access:

[Diagram: Isolated Ports 1.png]


When implementing port isolation, it is important to ensure that the appropriate ports have been isolated, so that traffic can reach the appropriate destination. In the example below, switch A’s uplink port has been isolated, so clients connected to any other isolated port on A are unable to communicate with the gateway:

[Diagram: Isolated Ports 2.png]
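
The forwarding rule and the uplink pitfall described above can be checked against a planned port layout before it is applied. The following is an added example, not Meraki code or Dashboard output; the port records, the `role` and `isolated` field names, and the single-switch scope are assumptions made for illustration.

```python
from itertools import combinations

def can_forward(a, b):
    """Rule from the article: layer-2 traffic is blocked only when BOTH ports are isolated."""
    return not (a["isolated"] and b["isolated"])

def audit_switch(ports):
    """Return (client port pairs that can still talk, client ports cut off from every uplink)."""
    clients = [p for p in ports if p["role"] == "client"]
    uplinks = [p for p in ports if p["role"] == "uplink"]
    # Client pairs that isolation does NOT separate (tenant-to-tenant exposure).
    open_pairs = [(a["port"], b["port"])
                  for a, b in combinations(clients, 2) if can_forward(a, b)]
    # Clients with no uplink they can forward to (no path to the gateway).
    stranded = [c["port"] for c in clients
                if not any(can_forward(c, u) for u in uplinks)]
    return open_pairs, stranded

# Constructed sample layouts (hypothetical port numbers and field names).
# First diagram: clients isolated, uplink not isolated.
GOOD = [
    {"port": 1, "role": "client", "isolated": True},
    {"port": 2, "role": "client", "isolated": True},
    {"port": 3, "role": "client", "isolated": True},
    {"port": 24, "role": "uplink", "isolated": False},
]
# Second diagram: the uplink has been isolated as well.
UPLINK_ISOLATED = [dict(p, isolated=True) for p in GOOD]
# A client port missed during bulk selection.
MISSED_PORT = [dict(p, isolated=False) if p["port"] == 3 else dict(p) for p in GOOD]

if __name__ == "__main__":
    for name, layout in [("good", GOOD),
                         ("uplink isolated", UPLINK_ISOLATED),
                         ("missed port", MISSED_PORT)]:
        open_pairs, stranded = audit_switch(layout)
        print(f"{name}: clients that can reach each other={open_pairs}, "
              f"clients without gateway access={stranded}")
```

An empty result for both lists corresponds to the first diagram: no client-to-client traffic, and every client can still reach the uplink.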

Last modified
12:30, 10 Jul 2017


Article ID

ID: 2421
