CLI-based Configuration Guide - Ethernet Switching

AR650, AR1600, and AR6100 V300R003

This document describes how to configure the components for LAN services, including link aggregation groups, VLANs, voice VLANs, MAC address tables, transparent bridging, as well as GVRP, STP/RSTP, and MSTP protocols.
Intra-VLAN Layer 2 Isolation

You can add different users to different VLANs to implement Layer 2 isolation between users. If an enterprise has many users, VLANs have to be allocated to all users that are not allowed to communicate with each other. This method of user isolation consumes a large number of VLANs and complicates configuration, which increases the maintenance workload of the network administrator.

Huawei provides two intra-VLAN Layer 2 isolation technologies: port isolation and Modular QoS Command-Line Interface (MQC).

Port Isolation

Port isolation isolates interfaces within a VLAN. You can add interfaces to a port isolation group to disable Layer 2 packet transmission between those interfaces. Interfaces in different port isolation groups, and interfaces that are not in any port isolation group, can still exchange packets with other interfaces. In addition, interfaces can be isolated unidirectionally, providing more secure and flexible networking.

For details about port isolation, see Configuring Interface Isolation in Huawei AR650&AR1600&AR6100 Series Routers Configuration Guide - Interface Management.
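
The following Python sketch is an added example, not part of the Huawei guide or device software. It models the forwarding rules described above and audits an intended isolation policy for pairs of interfaces that can still exchange Layer 2 frames. The interface names, the group assignments, and the representation of unidirectional isolation as blocked (ingress, egress) pairs are constructed assumptions.

```python
from itertools import permutations

# Constructed sample: four interfaces in one VLAN (names are illustrative).
INTERFACES = ["GE0/0/1", "GE0/0/2", "GE0/0/3", "GE0/0/4"]
# Interface -> port isolation group; GE0/0/4 (the uplink) is in no group.
GROUPS = {"GE0/0/1": 1, "GE0/0/2": 1, "GE0/0/3": 2}
# Unidirectional isolation, modeled as blocked (ingress, egress) pairs.
ONE_WAY = {("GE0/0/3", "GE0/0/1")}
# Intent: the three user ports must not reach each other in either direction.
MUST_ISOLATE = {frozenset(p) for p in [
    ("GE0/0/1", "GE0/0/2"),
    ("GE0/0/1", "GE0/0/3"),
    ("GE0/0/2", "GE0/0/3"),
]}


def can_forward(src, dst, groups, one_way):
    """Return True if a Layer 2 frame received on src may be sent out dst."""
    if src == dst:
        return False  # a frame is never sent back out its ingress interface
    if (src, dst) in one_way:
        return False  # blocked in this direction only
    g_src, g_dst = groups.get(src), groups.get(dst)
    # Only membership of the SAME group blocks traffic. Different groups,
    # or an interface outside every group, still forward.
    return g_src is None or g_src != g_dst


def audit(interfaces, groups, one_way, must_isolate):
    """List directed pairs that should be isolated but can still forward."""
    leaks = []
    for src, dst in permutations(interfaces, 2):
        if frozenset((src, dst)) in must_isolate and can_forward(
                src, dst, groups, one_way):
            leaks.append((src, dst))
    return sorted(leaks)


if __name__ == "__main__":
    for src, dst in audit(INTERFACES, GROUPS, ONE_WAY, MUST_ISOLATE):
        print(f"LEAK: {src} -> {dst} is not isolated")
```

With the sample data the audit reports three leaks: placing GE0/0/3 in a different group does not isolate it from group 1, and the unidirectional rule closes only the GE0/0/3 to GE0/0/1 direction.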

Intra-VLAN Layer 2 Isolation Based on the Traffic Policy

A traffic policy is configured by binding traffic classifiers to traffic behaviors. You can define traffic classifiers on a device to match packets with certain characteristics and associate the traffic classifiers with the permit or deny behavior in a traffic policy. The device then permits or denies packets matching the traffic classifiers. In this way, intra-VLAN unidirectional or bidirectional isolation is implemented based on the traffic policy.

The device supports intra-VLAN Layer 2 isolation based on MQC and simplified ACL-based traffic policies. For details about MQC and simplified ACL-based traffic policies, see MQC Configuration and ACL-based Simplified Traffic Policy Configuration in Huawei AR650&AR1600&AR6100 Series Routers Configuration Guide - QoS.

Updated: 2019-04-12

Document ID: EDOC1100041791
