No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

S1720, S2700, S5700, and S6720 V200R012(C00 and C20)

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a Traffic Policy to Implement Inter-VLAN Layer 3 Isolation

Configuring a Traffic Policy to Implement Inter-VLAN Layer 3 Isolation

After inter-VLAN Layer 3 connectivity is configured, if some users in different VLANs require unidirectional access or need to be isolated, configure inter-VLAN Layer 3 isolation.

Context

Inter-VLAN Layer 3 isolation is implemented using a traffic policy. A traffic policy is configured by binding traffic classifiers to traffic behaviors. The switch classifies packets according to the packet information, and associates a traffic classifier with a traffic behavior to reject the packets matching the traffic classifier.

The switch provides inter-VLAN Layer 3 isolation based on MQC and based on the ACL-based simplified traffic policy.

Pre-configuration Tasks

Before configuring a traffic policy to implement inter-VLAN Layer 3 isolation, perform the task of Configuring Inter-VLAN Communication.

Procedure

  • Configure MQC to implement inter-VLAN Layer 3 isolation.

    Perform the following MQC configurations to implement inter-VLAN Layer 3 isolation:
    • Specify permit or deny in the traffic behavior.
    • Apply the traffic policy to a VLAN or an interface that allows the VLAN.

    For details about how to configure MQC, see Configuring Packet Filtering in "Packet Filtering Configuration" in the S1720, S2700, S5700, and S6720 V200R012(C00&C20) Configuration Guide - QoS.

  • Configure an ACL-based simplified traffic policy to implement inter-VLAN Layer 3 isolation.

    For details about how to configure an ACL-based simplified traffic policy, see Configuring ACL-based Packet Filtering in "ACL-based Simplified Traffic Policy Configuration" in the S1720, S2700, S5700, and S6720 V200R012(C00&C20) Configuration Guide - QoS.

Translation
Download
Updated: 2018-12-24

Document ID: EDOC1100038339

Views: 156413

Downloads: 680

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next