No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - Ethernet Switching

S1720, S2700, S5700, and S6720 V200R012(C00 and C20)

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Intra-VLAN Layer 2 Isolation

Intra-VLAN Layer 2 Isolation

You can implement Layer 2 isolation between users by adding them to different VLANs. VLANs have to be allocated to all users who are not allowed to communicate with each other. If an enterprise has many users, this user isolation method uses a large number of VLANs and makes configuration more complex, increasing the maintenance workload of the network administrator.

Huawei provides intra-VLAN Layer 2 isolation technologies including port isolation, MUX VLAN, and Modular QoS Command-Line Interface (MQC).

Port Isolation

Port isolation can isolate interfaces in the same VLAN. You can add interfaces to a port isolation group to disable Layer 2 packet transmission between the interfaces. Interfaces in different port isolation groups or in no port isolation groups can exchange packets with each other. In addition, interfaces can be isolated unidirectionally, providing more secure and flexible networking.

For details about port isolation, see Configuring Port Isolation in "Ethernet Interface Configuration" in the S1720, S2700, S5700, and S6720 V200R012(C00&C20) Configuration Guide - Interface Management.


Multiplex VLAN (MUX VLAN) provides a mechanism to control network resources using VLANs. It can implement inter-VLAN communication and intra-VLAN isolation.

For example, an enterprise has the following requirements:
  • Employees can communicate with each other but customers are isolated from each other.
  • Both employees and customers can access enterprise servers.

You can deploy the MUX VLAN to meet the preceding requirements.

For details about the MUX VLAN feature, see MUX VLAN Configuration.

Traffic Policies

A traffic policy is configured by binding traffic classifiers to traffic behaviors. You can define traffic classifiers on a switch to match packets with certain characteristics and associate the traffic classifiers with the permit or deny behavior in a traffic policy. The switch then permits or denies packets matching the traffic classifiers. In this way, intra-VLAN unidirectional or bidirectional isolation is implemented based on the traffic policy.

The switch supports intra-VLAN Layer 2 isolation based on MQC and ACL-based simplified traffic polices. For details about MQC and ACL-based simplified traffic polices, see MQC Configuration and ACL-based Simplified Traffic Policy Configuration in the S1720, S2700, S5700, and S6720 V200R012(C00&C20) Configuration Guide - QoS.

Updated: 2018-12-24

Document ID: EDOC1100038339

Views: 155386

Downloads: 674

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next