No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S1720GFR, S2700, S5700, and S6720 V200R010C00 Web-based Configuration Guide

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Port Isolation

Example for Configuring Port Isolation

Networking Requirements

An R&D office of a company contains employees from the company, partner company A, and partner company B. As shown in Figure 2-255, PC1 and PC2 represent two employees from partner companies A and B respectively, and PC3 represents an R&D employee from the company. The requirements are as follows:

  • VLAN IDs need to be saved.
  • Employees from partner companies A and B cannot communicate with each other.
  • Employees from partner companies A and B can communicate with the company's employees.
Figure 2-255  Network diagram for configuring port isolation

Configuration Roadmap

The configuration roadmap is as follows:

  1. Add interfaces to a VLAN.

  2. Set the port isolation mode to Layer 2 isolation and Layer 3 interworking.

  3. Add interfaces to a port isolation group to implement Layer 2 isolation between these interfaces.

Procedure

  • Add interfaces to a VLAN.
    1. Create VLAN 10.

      # Choose Service Management > VLAN > VLAN in the navigation tree to display the VLAN page, as shown in Figure 2-256.

      Figure 2-256  VLAN page

      # Click Create to display the Create VLAN page, and enter 10 in the VLAN ID text box, as shown in Figure 2-257.

      Figure 2-257  Creating a VLAN

      # Click OK.

    2. Add interfaces to VLAN 10.

      # Set the link type to Access for GE0/0/1, GE0/0/2, and GE0/0/3.

      If the interface link type is Access, do not perform the following steps.

      If the interface link type is trunk or hybrid, perform the following steps to change the link type to Access. For details, see "Changing the Link Type" in Trunk Interface and Hybrid Interface.

      1. Choose Service Management > VLAN > Trunk Interface in the navigation tree to display the Trunk Interface page.
      2. Select GE0/0/1, GE0/0/2, and GE0/0/3, and click Change Link Type, as shown in Figure 2-258.
        Figure 2-258  Selecting interfaces
      3. In the displayed Change Link Type dialog box, select Access, as shown in Figure 2-259.

        Figure 2-259  Changing the link type to Access

      4. Click OK to complete the configuration.

      # Add interfaces to VLAN 10.

      1. Choose Service Management > VLAN > Access Interface in the navigation tree to display the Access Interface page.

      2. Select GE0/0/1, GE0/0/2, and GE0/0/3.

      3. Enter 10 in the Add to VLAN text box, as shown in Figure 2-260.

        Figure 2-260  Adding interfaces to a VLAN in Access mode

      # Click Add to complete the configuration.

  • Configure the isolation mode.
    1. Choose Security > Port Isolation in the navigation tree to display the Port Isolation page.
    2. Select the isolation mode L2, as shown in Figure 2-261.

      Figure 2-261  Configuring the isolation mode

    3. Click Apply to complete the configuration.
  • Add interfaces to a port isolation group.
    1. Click the Bidirectional Isolation tab page to display the Bidirectional Isolation page.
    2. Click Create to display the Create an isolation group page, as shown in Figure 2-262.

      Figure 2-262  Creating a port isolation group

    3. Select GE0/0/1 and GE0/0/2, and click to add the interfaces to port isolation group 1.
    4. Click OK to complete the configuration.
  • Click in the navigation tree.

Result

Perform the following configurations on the switch to verify the configurations.

  • Check the VLAN configuration.

    Choose Service Management > VLAN > VLAN to display the VLAN page.

    Click the portList next to the VLAN whose VLAN ID is 10 to display the portList window, as shown in Figure 2-263.

    GE0/0/1, GE0/0/2, and GE0/0/3 are added to VLAN 10.

    Click Close.

    Figure 2-263  Checking interfaces added to VLAN 10
  • Check the port isolation configuration.

    Choose Security > Port Isolation in the navigation tree to display the Port Isolation page. Click the Bidirectional Isolation tab page to display the Bidirectional Isolation page.

    Enter 1 in the Isolation group number text box and click Query. The Port list of port isolation group 1 is displayed, as shown in Figure 2-264.

    GE0/0/1 and GE0/0/2 are in port isolation group 1.

    Figure 2-264  Checking port isolation group 1

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000114003

Views: 50542

Downloads: 1059

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next