Configuration Guide - Ethernet Switching

S7700 and S9700 V200R012C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, VLAN aggregation, MUX VLAN, VLAN termination, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, HVRP, and Layer 2 protocol transparent transmission.
Using a Traffic Policy to Implement Inter-VLAN Access Control

As shown in Figure 4-21, to ensure communication security, a company divides its network into a visitor area, an employee area, and a server area, and assigns VLAN 10, VLAN 20, and VLAN 30 to these areas respectively. The company has the following requirements:
  • Employees, visitors, and servers can access the Internet.
  • Visitors cannot communicate with employees and can access only Server_1 in the server area.
Figure 4-21  Using a traffic policy to implement inter-VLAN access control
The central switch (Switch) is configured with VLANIF 10, VLANIF 20, VLANIF 30, and VLANIF 100 and a route to the router, after which employees, visitors, and servers can access the Internet and communicate with each other. To control access rights of visitors, configure a traffic policy on the central switch and define the following rules:
  • ACL rule 1: denies the packets sent from the IP network segment of visitors to the IP segment of employees.
  • ACL rule 2: permits the packets from the IP network segment of visitors to the IP address of Server_1, and denies the packets from the IP network segment of visitors to the IP segment of servers.
  • ACL rule 3: denies the packets from the IP network segment of employees to the IP segment of visitors.
  • ACL rule 4: denies the packets from the IP network segment of servers to the IP segment of visitors.

Apply the traffic policy to the inbound and outbound directions of the switch interface connected to the visitor area. Visitors can then access only Server_1 and cannot communicate with employees.
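The following Python model is an added example, not part of the original guide or Huawei configuration. It checks the inbound rules (ACL rules 1 and 2) against the visitor requirements and shows why the Server_1 permit must be matched before the server-segment deny. The subnets, host addresses, first-match evaluation, and default-permit behaviour for unmatched packets are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): the figure's real values are not in the text.
VISITORS = ip_network("10.1.10.0/24")    # VLAN 10
EMPLOYEES = ip_network("10.1.20.0/24")   # VLAN 20
SERVERS = ip_network("10.1.30.0/24")     # VLAN 30
SERVER_1 = ip_network("10.1.30.10/32")   # hypothetical host address for Server_1

# Inbound rules on the visitor-facing interface: (action, source, destination).
INBOUND = [
    ("deny", VISITORS, EMPLOYEES),    # ACL rule 1
    ("permit", VISITORS, SERVER_1),   # ACL rule 2, exception listed first
    ("deny", VISITORS, SERVERS),      # ACL rule 2, rest of the server segment
]

def evaluate(rules, src, dst, default="permit"):
    """Return the action of the first rule matching (src, dst).

    Assumptions: rules are checked top-down with first match winning, and
    unmatched packets are forwarded normally (default permit)."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return default

def check_requirements(rules):
    """Map each visitor requirement from the page to pass/fail for a rule list."""
    visitor = "10.1.10.25"  # constructed visitor host
    expected = {
        "visitor -> employee": ("10.1.20.7", "deny"),
        "visitor -> Server_1": ("10.1.30.10", "permit"),
        "visitor -> other server": ("10.1.30.11", "deny"),
        "visitor -> Internet": ("203.0.113.5", "permit"),
    }
    return {name: evaluate(rules, visitor, dst) == want
            for name, (dst, want) in expected.items()}

# Same rules with the server-segment deny ahead of the Server_1 permit.
MISORDERED = [INBOUND[0], INBOUND[2], INBOUND[1]]

if __name__ == "__main__":
    print("as described:", check_requirements(INBOUND))
    print("misordered:  ", check_requirements(MISORDERED))
```

With the misordered list, only the "visitor -> Server_1" requirement fails, because the broader deny matches first.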

Updated: 2019-01-18

Document ID: EDOC1100038843
