No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

How to let four physical interfaces forbid accessing each other on LAN interface.

Publication Date:  2012-09-18 Views:  109 Downloads:  0
Issue Description
User requests the USG2110 that four physical interfaces forbid accessing each other under LAN interface. But actually it likes HUB interface, and only can configure the ip address for a single interface. it is not layer 3 interface, and it can not divide VLAN like Layer 2 switch. So that the four interfaces can not forbid accessing each other.
topology diagram:
                                    |
                              USG2110
                              |         |
           192.168.1.0/24       192.168.0.0/24
Alarm Information
none
Handling Process
Get rid of the two consideration, because the LAN interface can not divide VLAN and can not configure ip address on single interface.
So think about the three way. The configuration is as follow:
interface Ethernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip address 192.168.0.1 255.255.255.0 sub
ip policy route-policy test1

traffic classifier test operator and
if-match acl 3001
traffic behavior test
acl number 3001
rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.0 0.0.0.255

route-policy test1 permit node 1
if-match acl 3001
apply output-interface NULL0

This configuration ensures that the network segment packet of 192.168.1.0/24 can not reach 192.168.0.0/24 under the same LAN interface.
Then configure the same route-policy from 192.168.0.0/24 to 192.168.1.0/24.
Finally, you let the interface forbid accessing each other.
Root Cause
Configure the customer’s country code.
1. consider that whether it can forbid from layer 3 point of view
2. consider the VLAN point of view of layer 2
3. consider the QOS point of view
Suggestions
none

END