Configuring a Traffic Policy to Implement Inter-VLAN Layer 3 Isolation
After inter-VLAN Layer 3 connectivity is configured, if some users in different VLANs require unidirectional access or need to be isolated, configure inter-VLAN Layer 3 isolation.
Context
Inter-VLAN Layer 3 isolation is implemented using a traffic policy. A traffic policy is configured by binding traffic classifiers to traffic behaviors. The switch classifies packets according to the packet information, and associates a traffic classifier with a traffic behavior to reject the packets matching the traffic classifier.
The switch provides inter-VLAN Layer 3 isolation based on MQC and based on the ACL-based simplified traffic policy. You can select one of them according to your needs.
Pre-configuration Tasks
Before configuring a traffic policy to implement inter-VLAN Layer 3 isolation, perform the task of Configuring Inter-VLAN Communication.
Procedure
- Configure MQC to implement inter-VLAN Layer 3 isolation.
Perform the following MQC configurations to implement inter-VLAN Layer 3 isolation:
- Specify permit or deny in the traffic behavior.
- Apply the traffic policy to a VLAN or an interface that allows the VLAN.
For details about how to configure MQC, see Configuring Packet Filtering in "Packet Filtering Configuration" in the S12700 V200R010C00 Configuration Guide - QoS.
- Configure an ACL-based simplified traffic policy to implement inter-VLAN Layer 3 isolation.
For details about how to configure an ACL-based simplified traffic policy, see Configuring ACL-based Packet Filtering in "ACL-based Simplified Traffic Policy Configuration" in the S12700 V200R010C00 Configuration Guide - QoS.