Re: Need set port isolation

Mohamad AMmar · ‎06-24-2025

How enable or set port isolation in catalyst 1300 48T 4x

Jens Albrecht · ‎06-24-2025

this can be done either via CLI or using the WebGUI.

Cisco calls this feature a 'Protected Port'. If you use the WebGUI, navigate to Port Management > Port Settings.
To update the port settings, select the port or ports you need and click Edit.
The parameter you want to change is called 'Protected Port', then finally click Apply.

You can also do the same via CLI using the folloing commands:

enable
configure terminal
port-isolation ethernet 1/2 to 1/4
end
! To verify the config:
show port-isolation

HTH!

Mohamad AMmar · ‎06-24-2025

We try this but dont solve my problem. You say that protected port and port isolation is same !!

Mohamad AMmar · ‎06-24-2025

My need is configure 2 ports in the switch separate from others ports

Jens Albrecht · ‎06-24-2025

The limitation with protected port or port isolation is that you can prevent these 2 isolated ports from communicating with each other but they are still able to communicate with all other non-isolated ports in this vlan.

If you want to completely isolate these 2 ports from all other ports in the same vlan, except the gateway, then you need to configure a different feature called private-vlans.

With private-vlans there are 3 different roles for each port:

isolated ports can only communicate with promiscuous ports
community ports can communicate with all other ports in the same community and promiscuous ports
promiscuous ports can communicate with all other ports including isolated and community

Promiscuous ports are used for devices that all clients need to reach, e.g. the gateway or a common printer.

This feature can be configured via the CLI with the following vlans as an examle:
VLAN 100 is the primary PVLAN.
VLAN 101 (isolated) and 102 (community) are secondary vlans.

vtp mode transparent

vlan 100
 private-vlan primary
 private-vlan association 101,102

vlan 101
 private-vlan isolated

vlan 102
 private-vlan community

! Configure a promiscuous port for the gateway
interface GigabitEthernet1/0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101,102

! Configure an isolated port
interface GigabitEthernet1/0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101

! Configure a community port
interface GigabitEthernet1/0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 102

! Verification of the config:
show vlan private-vlan
show interfaces switchport

For more details refer to the VLAN commands in the Cisco Catalyst 1300 Switches Series CLI Guide.

HTH!

wajidhassan · ‎06-24-2025

Hey @Mohamad AMmar,

Yes, in the Catalyst 1300 series, "Protected Port" and "Port Isolation" mean the same thing. They're Cisco's way of isolating ports at Layer 2. When you enable this on two ports, they won’t be able to talk to each other or to any other protected ports, but they can still communicate upstream (like to a router or internet gateway).

So if your goal is to separate 2 specific ports from all others, you should enable the protected port setting on just those 2 ports. Make sure no other ports are marked as protected, or they’ll all be isolated together.

Mohamad AMmar · ‎06-24-2025

Ok my need that just this 2 ports communicate separately

Blue_Bird · ‎06-24-2025

Hello,

Port isolation (also known as protected ports) can be enabled on a Cisco Catalyst 1300 48T 4X switch through the Command Line Interface (CLI). Specifically, the "port-isolation" feature provides Layer 2 isolation between interfaces that share the same VLAN.

To configure and very port-isolation:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst_pon/software/configuration_guide/olt_port/b-gpon-config-olt-port/port_isolation_configuration.pdf

if you are unable configure through CLI, you can also try through GUI

Best regards
******* If This Helps, Please Rate *******