No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Interface Management

CloudEngine 12800 and 12800E V200R003C00

This document describes the interface management configuration, including basic interface configuration, Ethernet interface configuration, and logical interface configuration.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Port Isolation

Configuring Port Isolation

Context

To implement Layer 2 isolation between interfaces, you can add different interfaces to different VLANs. This wastes VLAN resources. Layer 2 port isolation can isolate interfaces in the same VLAN. That is, you only need to add interfaces to a port isolation group to implement Layer 2 isolation between these interfaces. Layer 2 port isolation provides secure and flexible networking schemes.

Figure 2-6 shows the Layer 2 port isolation method and application scenario. PC1, PC2, and PC3 belong to VLAN 10. After GE1/0/1 on PC1 and GE1/0/2 on PC2 are added to the Layer 2 port isolation group, PC1 and PC2 cannot communicate with each other in VLAN 10, but they can communicate with PC3.

Figure 2-6 Networking diagram of Layer 2 port isolation

NOTE:
  • Only Layer 2 interfaces support Layer 2 port isolation.

  • The CE12800E supports a maximum of 32 Layer 2 port isolation groups. CE12800 series switches support a maximum of two Layer 2 port isolation groups.

  • Layer 2 port isolation can be configured for interfaces on the same switch or on different switches in a stack system. In versions earlier than V200R001C00, the Layer 2 port isolation function does not take effect for Layer 2 packets that are encapsulated through TRILL and VXLAN tunnels. In V200R001C00 and later versions, the Layer 2 port isolation function of CE12800 switches takes effect for Layer 2 packets that are encapsulated at the VXLAN service access side and does not take effect for TRILL packets. Layer 2 port isolation for interfaces on different switches in a stack system has been supported since V100R003C10.

  • The Layer 2 port isolation and VPLS functions can be configured on a switch together only when the card interoperability mode is set to enhanced mode.

Procedure

  • Configure port isolation.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The Ethernet interface view is displayed.

    3. Run port-isolate enable group group-id

      Layer 2 port isolation is enabled.

      By default, Layer 2 port isolation is disabled.

    4. Run commit

      The configuration is committed.

Verifying the Configuration

Run the display port-isolate group { group-id | all } command in any view to check the configuration of the interface isolation group.

Translation
Download
Updated: 2019-05-05

Document ID: EDOC1100004195

Views: 18980

Downloads: 37

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next