No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Interface Management

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document provides the basic concepts, configuration procedures, and configuration examples of the interfaces supported by the device.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Interface Isolation

Configuring Interface Isolation

Context

NOTE:

The AR100&AR120&AR150&AR160&AR200 series, AR1200 series, AR2220E, AR2201-48FE, AR2202-48FE, AR2204-51GE-P, AR2204-51GE-R, AR2204-27GE-P, AR2204-27GE, AR2204E, AR2204E-D, and AR2204 only support isolation at Layer 2 and interworking at Layer 3.GE0/0/3 to GE0/0/26 on the AR2204-51GE-P and AR2204-51GE-R cannot be isolated from GE0/0/27 to GE0/0/50.

An interface on the 4GE-2S, 9ES2, 4ES2G-S or 4ES2GP-S card cannot be isolated from an interface on other cards.

Table 2-4 describes the interface isolation methods and application scenarios.

Table 2-4  Interface isolation methods and application scenarios
Isolation Method Application Scenario
Configure unidirectional isolation on interfaces
  • When multiple hosts connect to different interfaces of the same device and a host with security risks sends many broadcast packets to the other hosts, isolate the host from the other hosts unidirectionally to prevent the other hosts from receiving packets from this host.
  • Interfaces in an interface isolation group are isolated from each other, but interfaces in different interface isolation groups can communicate. To isolate interfaces in different interface isolation groups, configure unidirectional isolation between these interfaces.
Configure an interface isolation group

To implement Layer 2 isolation between interfaces, you can add interfaces to different VLANs. This, however, wastes VLAN resources. Interface isolation can also isolate interfaces in the same VLAN. You can add interfaces to an interface isolation group to implement Layer 2 isolation between these interfaces. Interface isolation provides secure and flexible networking schemes for customers.

Procedure

  • Configure unidirectional isolation on interfaces.
    1. Run system-view

      The system view is displayed.

    2. (Optional) Run port-isolate mode { l2 | all }

      Interface isolation is configured.

      By default, ports are isolated at Layer 2 but can communicate at Layer 3.

    3. Run interface interface-type interface-number

      The Ethernet interface view is displayed.

    4. Run am isolate { interface-type interface-number }&<1-8>

      Unidirectional isolation is configured on the Ethernet interface.

      By default, the unidirectional isolation function is disabled.

      NOTE:

      If interface A is isolated from interface B unidirectionally, packets sent from interface A cannot reach interface B, but packets sent from interface B can reach interface A.

  • Configure an interface isolation group.
    1. Run system-view

      The system view is displayed.

    2. (Optional) Run port-isolate mode { l2 | all }

      Interface isolation is configured.

      By default, ports are isolated at Layer 2 but can communicate at Layer 3.

    3. Run interface interface-type interface-number

      The Ethernet interface view is displayed.

    4. Run port-isolate enable [ group group-id ]

      Interface isolation is enabled on the Ethernet interface.

      By default, interface isolation is disabled.

      NOTE:

      Interfaces in an interface isolation group are isolated from each other, but interfaces in different interface isolation groups can communicate. If group-id is not specified, interfaces are added to interface isolation group 1.

Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100069331

Views: 21465

Downloads: 99

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next