XGS4600 - Port isolation issue

Bash
edited August 26 in Switch
Hi,

We have noticed an issue that seems to happen quite regularly where the configuration "vlan1q port-isolation" on our ports ceases to take effect.

This persists even through reboot. The only way to 'reactivate' the port isolation is to remove it from all affected ports and reapply the config once more.

Is this known about or a fix planned?


All Replies

  • Zyxel小編 Lucious
     Zyxel Employee
    edited February 2019
    Hi @Bash

    Port isolation, in a simple explanation, blocks traffic between the ports on which the feature is enabled. For example, after enabling port isolation on ports 1 & 2, they cannot communicate with each other anymore, but port 1 can still communicate with any other port (except port 2) on the switch.

    We don't quite get your idea about "ports ceases to take effect". Enabling port isolation on all the ports of the switch leads to every port not communicating with each other. Is this the situation you have?

    If not, please describe the scenario and symptom in more specific detail, and also provide the topology / firmware version if possible.

    Look forward to your feedback.
    Zyxel_Lucious
  • Bash
    Hi @Zyxel_Lucious

    Thank you for the quick reply.

    To give context, we have customers connected on ports on which we have enabled port isolation, as shown below:

    interface port-channel 1/1  
      pvid 199 
      frame-type untagged 
      vlan1q port-isolation 
    exit 
    interface port-channel 1/2  
      pvid 199 
      frame-type untagged 
      vlan1q port-isolation 
    exit 
    interface port-channel 1/3  
      pvid 199 
      frame-type untagged 
      vlan1q port-isolation 
    exit 
    interface port-channel 1/4  
      pvid 199 
      frame-type untagged 
      vlan1q port-isolation 
    exit 
    interface port-channel 1/5  
      pvid 199 
      frame-type untagged 
      vlan1q port-isolation 

    The issue we are seeing is that, after a period of time, upon logging into one of these customers, e.g. the customer connected to port 1/3, he can see and communicate with the other customers on 1/1, 1/2, 1/3 and 1/5 even though port-isolation is enabled.

    The only fix we have found is to run the following commands;
    stack# configure
    stack(config)# interface port-channel 1/1-1/5
    stack(config-interface)# no vlan1q port-isolation 
    stack(config-interface)# vlan1q port-isolation 
    stack(config-interface)# exit

    Our firmware for reference;
    stack# show version 
      Current ZyNOS version : V4.50(ABBI.1) | 09/11/2017
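
An added example, not part of the original thread and not Zyxel code: it parses a running-config in the format quoted in the post above, applies the port-isolation semantics described earlier in the thread (isolated ports cannot reach each other but can reach non-isolated ports), and flags port pairs that a connectivity probe found reachable anyway. The sample config, the non-isolated port 1/6 and the probe results are constructed; how the probes are collected is left to the operator.

```python
import re

# Constructed sample in the format of the config quoted in the post above.
# Port 1/6 (no isolation) is an assumption added for contrast.
SAMPLE_CONFIG = """\
interface port-channel 1/1
  pvid 199
  frame-type untagged
  vlan1q port-isolation
exit
interface port-channel 1/2
  pvid 199
  vlan1q port-isolation
exit
interface port-channel 1/3
  pvid 199
  vlan1q port-isolation
exit
interface port-channel 1/6
  pvid 199
exit
"""

def isolated_ports(config):
    """Return the ports whose interface stanza contains 'vlan1q port-isolation'."""
    ports, current = set(), None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface port-channel (\S+)", line)
        if m:
            current = m.group(1)          # entering a new interface stanza
        elif line == "exit":
            current = None                # stanza closed
        elif line == "vlan1q port-isolation" and current:
            ports.add(current)
    return ports

def isolation_violations(config, observed_pairs):
    """observed_pairs: (src_port, dst_port) tuples where a probe got a reply.
    Returns the sorted, de-duplicated pairs that were reachable although
    both ports have isolation configured."""
    iso = isolated_ports(config)
    return sorted({tuple(sorted(p)) for p in observed_pairs
                   if p[0] != p[1] and set(p) <= iso})

if __name__ == "__main__":
    # Constructed probe results: 1/3 reached 1/1 (unexpected) and 1/6 (expected).
    probes = [("1/3", "1/1"), ("1/1", "1/3"), ("1/3", "1/6"), ("1/2", "1/6")]
    for a, b in isolation_violations(SAMPLE_CONFIG, probes):
        print(f"ISOLATION FAILURE: {a} <-> {b} reachable, both ports isolated")
```

Run on a schedule against test hosts on the customer ports, a non-empty result is the signal to reapply the setting and to record how long the isolation held.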

  • Zyxel小編 Lucious
     Zyxel Employee
    Hi @Bash

    We get the picture and have run some tests in our local lab; unfortunately, we cannot replicate the symptom based on the given configuration.

    1. "after a period of time" as you mentioned, exactly how long did it take?
    2. We may need some further info from you to figure out the cause.

    We'll PM you for further info.

    Zyxel_Lucious