No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S1720GFR, S2700, S5700, and S6720 V200R010C00 Web-based Configuration Guide

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Port Isolation

Port Isolation

You can configure and query the port isolation mode, bidirectional isolation, and unidirectional isolation.

If you want to prevent members in a group from communicating with each other but allow them to access the public devices, such as the printer and the server, you can set the port isolation mode to isolation at both Layer 2 and Layer 3 or Layer 2 isolation and Layer 3 communication.

Bidirectional Isolation

You can create, query, modify, or delete an isolation mode or a bidirectional isolation configuration.

Context

  • Interfaces in a port isolation group are isolated from each other, but interfaces in different port isolation groups can communicate.
  • The switch supports a maximum of 64 port isolation groups, numbered from 1 to 64.

Procedure

  • Configure an isolation mode.

    NOTE:
    • The default mode is L2, namely, ports are isolated at Layer 2 but can communicate at Layer 3.
    • After the isolation mode is selected, the bidirectional isolation and unidirectional isolation configurations are applied to this mode.
    • The S1720GFR, S2720, S2750, S5700LI, S5720LI, S5720S-LI, S5710-X-LI, S5700S-LI switches support only Layer 2 isolation and Layer 3 communication.
    • Configuring the isolation mode is not affected by switching the bidirectional isolation and unidirectional isolation labels.

    1. Choose Security > Port Isolation in the navigation tree to open the Port Isolation page.
    2. Choose the isolation mode. The isolation can be L2 or ALL. L2 is Layer 2 isolation and Layer 3 communication. ALL is the isolation at both Layer 2 and Layer 3.
    3. Click Apply.
  • Query an isolation group.
    1. Choose Security > Port Isolation in the navigation tree to display the Port Isolation page. Then click the Bidirectional Isolation tab.
    2. Enter a number in the text box of Isolation Group Number.
    3. Click Query to display all matching records.
  • Create an isolation group.
    1. Choose Security > Port Isolation in the navigation tree to display the Port Isolation page. Then click the Bidirectional Isolation tab.
    2. Click Create to open the Create an isolation group page, as shown in Figure 2-192.

      Figure 2-192  Create an isolation group

      Table 2-114 describes the parameters on the page.

      Table 2-114  Create an isolation group

      Parameter

      Description

      Isolation group number

      Indicates the value that the system generates automatically. The value ranges from 1 to 64. When creating an isolation group, the system assigns the minimum in existing numbers to the new isolation group.

      Select a Port

      Select the interface that you want to add to the isolation group on the port list on the left. Click to display the new interface on the right list.

    3. Select an interface.
    4. Click OK.
  • Modify an isolation group.
    1. Choose Security > Port Isolation in the navigation tree to display the Port Isolation page. Then click the Bidirectional Isolation tab.
    2. Click the corresponding icon to open the Modify isolation group page, as shown in Figure 2-193.

      Figure 2-193  Modify isolation group

      Table 2-114 describes the parameters on the page.

    3. Select an interface.
    4. Click OK.
  • Delete an isolation group.
    1. Choose Security > Port Isolation in the navigation tree to display the Port Isolation page. Then click the Bidirectional Isolation tab.
    2. Select the isolation group that you want to delete. You can delete an isolation group or multiple isolation groups.
    3. Click Delete. The system asks you whether to delete the record.
    4. Click OK.

Unidirectional Isolation

You can create, query, modify, and clear a unidirectional port isolation configuration.

Context

You can configure or delete the unidirectional isolation between the current interface and a specified interface. If interface A is isolated from interface B, packets sent from interface A cannot reach interface B, but packets sent from interface B can reach interface A.

NOTE:

Interfaces can be isolated from one another. However, an interface cannot be isolated from itself or from the management interface unidirectionally. In addition, an Eth-Trunk cannot be isolated unidirectionally from its member interfaces.

Procedure

  • Query a unidirectional isolation configuration.
    1. Choose Security > Port Isolation in the navigation tree to display the Port Isolation page. Then click the Unidirectional Isolation tab.
    2. Select an interface type from the drop-down list box.
    3. Enter the interface number, for example, 0/0/1 (stack ID/subcard ID/interface number).
    4. Click Query to display all matching records.
  • Configure unidirectional port isolation.

    NOTE:
    You can configure and modify unidirectional isolation in the same method.

    1. Choose Security > Port Isolation in the navigation tree to display the Port Isolation page. Then click the Unidirectional Isolation tab.
    2. Click the corresponding icon to open the Modify isolation port list page, as shown in Figure 2-194.

      Figure 2-194  Modify isolation port list

      Table 2-115 describes the parameters on the page.

      Table 2-115  Modify isolation port list

      Parameter

      Description

      Port name

      Indicates the name of the interface where you want to modify the configuration. This parameter cannot be modified.

      Select a Port

      Select the interface that you want to add to the isolation group on the port list on the left. Click to display the new interface on the right list.

    3. Select an interface.
    4. Click OK.
  • Clear a unidirectional isolation configuration.
    1. Choose Security > Port Isolation in the navigation tree to display the Port Isolation page. Then click the Unidirectional Isolation tab.
    2. Select the interface configured with unidirectional isolation that you want to delete. You can delete an interface or multiple interfaces.
    3. Click Clear. The system asks you whether to delete the record.
    4. Click OK on the dialog box.
Translation
Download
Updated: 2019-04-18

Document ID: EDOC1000114003

Views: 31965

Downloads: 979

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next