Intra-VLAN Layer 2 Isolation
You can add different users to different VLANs to implement Layer 2 isolation between users. However, if an enterprise has many users, this method consumes a large number of VLANs and complicates configuration, increasing the workload of the network administrator.
Huawei provides intra-VLAN Layer 2 isolation technologies including port isolation, MUX VLAN, and Modular QoS Command-Line Interface (MQC).
Port Isolation
Port isolation can isolate interfaces in a VLAN. You can add interfaces to a port isolation group to disable Layer 2 packet transmission between the interfaces. Interfaces that are in different port isolation groups, or that are not in any port isolation group, can exchange packets with other interfaces normally. Interfaces can also be isolated unidirectionally, creating a more secure and flexible network.
For details about port isolation, see Configuring Port Isolation in "Ethernet Interface Configuration" in the S12700 V200R010C00 Configuration Guide - Interface Management.
MUX VLAN
Multiplex VLAN (MUX VLAN) provides a mechanism to control network resources using VLANs. It can implement inter-VLAN communication and intra-VLAN isolation. For example, an enterprise may have the following requirements:
- Employees can communicate with each other but customers are isolated.
- Both employees and customers can access enterprise servers.
You can deploy the MUX VLAN to meet the preceding requirements.
For details about the MUX VLAN feature, see MUX VLAN Configuration.
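The two requirements above can be checked against the MUX VLAN forwarding rules with a small model. This is an added example, not Huawei's code; the port names, the VLAN IDs 3 and 4, and the role names principal, group and separate (standard MUX VLAN terminology that this page does not use) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    role: str                       # "principal", "group" or "separate"
    sub_vlan: Optional[int] = None  # subordinate VLAN ID (constructed values)

def mux_vlan_allows(src: Port, dst: Port) -> bool:
    """True if MUX VLAN rules let src and dst exchange Layer 2 frames."""
    # Principal ports (the enterprise servers) talk to every port.
    if "principal" in (src.role, dst.role):
        return True
    # Group ports (employees) talk only inside their own group VLAN.
    if src.role == dst.role == "group":
        return src.sub_vlan == dst.sub_vlan
    # Separate ports (customers) reach the principal ports only.
    return False

def violations(ports, required):
    """Return the (src, dst) pairs whose modelled result differs from policy."""
    actual = {(a.name, b.name): mux_vlan_allows(a, b)
              for a in ports for b in ports if a is not b}
    return sorted(pair for pair, want in required.items() if actual[pair] != want)

# Policy taken from the two requirements listed above (port names constructed).
REQUIRED = {
    ("emp1", "emp2"): True, ("emp2", "emp1"): True,
    ("cust1", "cust2"): False, ("cust2", "cust1"): False,
    ("emp1", "server"): True, ("cust1", "server"): True,
}

INTENDED = [
    Port("server", "principal"),
    Port("emp1", "group", 3), Port("emp2", "group", 3),
    Port("cust1", "separate", 4), Port("cust2", "separate", 4),
]
# Failure mode: the customer VLAN was created as a group VLAN instead of a
# separate VLAN, so customers can reach each other.
MISCONFIGURED = [
    Port("server", "principal"),
    Port("emp1", "group", 3), Port("emp2", "group", 3),
    Port("cust1", "group", 4), Port("cust2", "group", 4),
]

if __name__ == "__main__":
    print("intended:", violations(INTENDED, REQUIRED))
    print("misconfigured:", violations(MISCONFIGURED, REQUIRED))
```

The same `violations` check can be run over port roles exported from a change request before the configuration is applied to the switch.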
Intra-VLAN Layer 2 Isolation Based on the Traffic Policy
A traffic policy is configured by binding traffic classifiers to traffic behaviors. You can define traffic classifiers on a switch to match packets with certain characteristics and associate the traffic classifiers with the permit or deny behavior in a traffic policy. The switch then permits or denies packets matching the traffic classifiers. In this way, intra-VLAN unidirectional or bidirectional isolation is implemented based on the traffic policy.
The switch supports intra-VLAN Layer 2 isolation based on MQC and ACL-based simplified traffic policies. For details about MQC and ACL-based simplified traffic policies, see MQC Configuration and ACL-based Simplified Traffic Policy Configuration in the S12700 V200R010C00 Configuration Guide - QoS.