No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S7700 and S9700 V200R011C10

This document describes the configuration of Ethernet services, including configuring link aggregation, VLANs, Voice VLAN, VLAN mapping, QinQ, GVRP, MAC table, STP/RSTP/MSTP, SEP, and so on.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Using VLAN Assignment to Implement Layer 2 Isolation

Using VLAN Assignment to Implement Layer 2 Isolation

Interface-based VLAN Assignment

As shown in Figure 4-16, there are multiple companies in a building. These companies share network resources to reduce costs. Networks of the companies connect to different interfaces of the same Layer 2 switch and access the Internet through an egress.

Figure 4-16  Networking of interface-based VLAN assignment

To isolate services and ensure service security of different companies, add interfaces connected to the companies to different VLANs. Each company has a virtual router and each VLAN is a virtual work group.

MAC Address-based VLAN Assignment

As shown in Figure 4-17, a company has two office areas that connect to the company's network through Switch_2 and Switch_3 respectively. Employees often move between the two office areas.

Figure 4-17  Networking of MAC address-based VLAN assignment

To enable employees to access network resources such as servers after they move from one office area to the other, configure MAC address-based VLAN assignment on Switch_2 and Switch_3. As long as the MAC address of User_1 remains unchanged, the user belongs to the same VLAN and can still access the company's network resources after changing the location.

IP Subnet-based VLAN Assignment

As shown in Figure 4-18, a company has two departments: departments 1 and 2. The two departments are assigned fixed IP network segments. Employees' locations often change to strengthen learning and communication, but the company requires that network resource access rights remain unchanged.

Figure 4-18  Networking of IP subnet-based VLAN assignment

To ensure that employees retain the rights to access network resources after changing locations, configure IP subnet-based VLAN assignment on the company's central switch. Different network segments of servers are assigned to different VLANs to isolate data flows of different application services, improving security.

Translation
Download
Updated: 2019-10-18

Document ID: EDOC1000178310

Views: 287174

Downloads: 141

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next