No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S12700 V200R012C00 Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Using VLAN Assignment to Implement Layer 2 Isolation

Using VLAN Assignment to Implement Layer 2 Isolation

Interface-based VLAN Assignment

As shown in Figure 4-16, there are multiple companies in a building. These companies share network resources to reduce costs. Networks of the companies connect to different interfaces of the same Layer 2 switch and access the Internet through an egress.

Figure 4-16  Networking of interface-based VLAN assignment

To isolate services and ensure service security of different companies, add interfaces connected to the companies to different VLANs. Each company has a virtual router and each VLAN is a virtual work group.

MAC Address-based VLAN Assignment

As shown in Figure 4-17, a company has two office areas that connect to the company's network through Switch_2 and Switch_3 respectively. Employees often move between the two office areas.

Figure 4-17  Networking of MAC address-based VLAN assignment

To enable employees to access network resources such as servers after they move from one office area to the other, configure MAC address-based VLAN assignment on Switch_2 and Switch_3. As long as the MAC address of User_1 remains unchanged, the user belongs to the same VLAN and can still access the company's network resources after changing location.

IP Subnet-based VLAN Assignment

As shown in Figure 4-18, a company has two departments: departments 1 and 2. The two departments are assigned fixed IP network segments. Employees' locations often change to strengthen learning and communication, but the company requires that network resource access rights remain unchanged.

Figure 4-18  Networking of IP subnet-based VLAN assignment

To ensure that employees retain the rights to access network resources after changing locations, configure IP subnet-based VLAN assignment on the company's central switch. Different network segments of servers are assigned to different VLANs to isolate data flows of different application services, improving security.

Updated: 2019-01-18

Document ID: EDOC1100038103

Views: 126219

Downloads: 52

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next