No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - LAN Access and MAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Intra-VLAN Interface Isolation

Configuring Intra-VLAN Interface Isolation

After you configure selected interfaces in a VLAN as isolated interfaces, these interfaces cannot communicate.

Applicable Environment

Intra-VLAN interface isolation disables specific interfaces in a VLAN from communicating.

To enable isolated interfaces to communicate, configure proxy ARP. This implementation allows you to flexibly manage and monitor VLAN users.

Pre-configuration Tasks

Before you configure intra-VLAN interface isolation, configure an interface-based VLAN.

Configuration Procedures

Perform the following configurations based on your actual needs.

Figure 8-13 Flowchart for configuring intra-VLAN interface isolation

Configuring Interface Isolation for a Common VLAN

This section describes how to configure interface isolation for a common VLAN.

Context

Two methods are available to configure interface isolation for a common VLAN:
  • Enabling interface isolation in the interface view
  • Configuring one or more interfaces as isolated interfaces in the VLAN view
NOTE:

In a VLAN, isolated interfaces cannot communicate with each other at Layer 2, but can do so with non-isolated interfaces.

Procedure

  • Enable interface isolation in the interface view.

    Perform the following steps on the device on which the interfaces to be isolated reside:

    1. Run system-view

      The system view is displayed.

    2. Run interface { ethernet |gigabitethernet | eth-trunk } interface-number

      The interface view is displayed.

    3. Run portswitch

      The interface is configured as a switched interface.

    4. Run port default vlan vlan-id

      The interface is added to a VLAN.

    5. Run port isolate-state enable vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

      Interface isolation is enabled.

  • Configure one or more interfaces as isolated interfaces in the VLAN view.

    Perform the following steps on the device on which the interfaces to be isolated reside:

    1. Run system-view

      The system view is displayed.

    2. Run vlan vlan-id

      The VLAN view is displayed.

    3. Run port isolate { { interface-type interface-number } &<1-10>| all }

      The specified interfaces are configured as isolated interfaces.

Configuring Interface Isolation for an Outer VLAN in VLAN Stacking or a Service Provider VLAN in VLAN Mapping

This section describes how to configure interface isolation for an outer VLAN in VLAN stacking or a service provider VLAN in VLAN mapping.

Context

Perform the following steps on the device on which the interfaces to be isolated reside:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface { ethernet |gigabitethernet | eth-trunk } interface-number

    The interface view is displayed.

  3. Run portswitch

    The interface is configured as a switched interface.

  4. Run outside-vlan port isolate

    Interface isolation is enabled.

Enabling Intra-VLAN Proxy ARP

This section describes how to configure proxy ARP for isolated interfaces in a VLAN to communicate.

Context

Perform the following steps on the device on which the isolated interfaces that require communication reside:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface vlanif vlan-id

    A VLANIF interface is created.

  3. Run ip address ip-address { mask | mask-length } [ sub ]

    An IP address is assigned to the VLANIF interface.

    The IP address of the VLANIF interface must be on the same network segment as the IP addresses of interfaces in the VLAN.

  4. Run arp-proxy inner-sub-vlan-proxy enable

    Intra-VLAN proxy ARP is enabled.

Verifying the Intra-VLAN Interface Isolation Configuration

After interface isolation is configured for a common VLAN, verify the configuration.

Procedure

  1. Run the display port-isolate command in the VLAN view to check interface isolation information.
  2. Run the display this command in the interface view to check interface isolation information for an outer VLAN in VLAN stacking or a service provider VLAN in VLAN mapping.

Example

Run the display port-isolate command in the VLAN view. The command output shows interface isolation information.

<HUAWEI> system-view 
[~HUAWEI] vlan 10
[*HUAWEI-vlan10] display port isolate
--------------
Isolated Port : GigabitEthernet0/1/0    GigabitEthernet0/2/0

Run the display this command in the interface view. The command output shows interface isolation information for an outer VLAN in VLAN stacking or a service provider VLAN in VLAN mapping.

<HUAWEI> system-view 
[~HUAWEI] interface gigabitethernet 0/1/0 
[~HUAWEI-GigabitEthernet0/1/0] display this
#
interface GigabitEthernet0/1/0
 portswitch
 undo shutdown
 outside-vlan port isolate
#
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055378

Views: 16817

Downloads: 35

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next