No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
CloudEngine 12800 and 12800E V200R005C10 Configuration Guide - Security

This document describes the configurations of Security, including AAA, 802.1x Authentication, ACL, TCAM ACL Customization, local attack defense, Microsegmentation, MFF, attack defense, traffic suppression and storm control, ARP security, Port security, MACsec, DHCP snooping, IPSG, URPF, SSL, Keychain and FIPS.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Default Microsegmentation Policies

Configuring Default Microsegmentation Policies

Context

On a network, servers can be deployed in EPGs as needed. The servers that do not belong to any EPG are unknown EPG members and the servers that belong to EPGs are EPG members. Multiple servers can belong to the same EPG.

After EPGs are deployed, if no GBP is specified for the EPGs, the device uses the default policy to perform access control for servers. Based on EPG member roles of servers, the default microsegmentation policies include configuring an access control policy for unknown EPG members, configuring the default access control policy for EPG members, and configuring the default access control policy for members in an EPG.

Procedure

  • Configure an access control policy for unknown EPG members.
    1. Run system-view

      The system view is displayed.

    2. Run traffic-segment unknown-segment { permit | deny }

      An access control policy is configured for unknown EPG members.

      By default, the access control policy for unknown EPG members is permit; that is, unknown EPG members can communicate with each other.

    3. Run commit

      The configuration is committed.

  • Configure the default access control policy for EPG members.
    1. Run system-view

      The system view is displayed.

    2. Run traffic-segment default-policy { permit | deny }

      The default access control policy is configured for EPG members.

      By default, the access control policy for EPG members is deny; that is, EPG members cannot communicate with each other, regardless of whether they are in the same or different EPGs.

    3. Run commit

      The configuration is committed.

  • Configure the default access control policy for members in an EPG.
    1. Run system-view

      The system view is displayed.

    2. Run traffic-segment same-segment { none | permit | deny }

      The default access control policy is configured for members in an EPG.

      By default, the access control policy for members in an EPG is none; that is, access control is not performed for members in an EPG. Instead, the device uses the default access control policy to perform access control for them.

      When the default access control policy for members in an EPG is not none, the configured default access control policy is used for the members.

    3. Run commit

      The configuration is committed.

Translation
简体中文
Download
Updated: 2021-09-17

Document ID: EDOC1100075347

Views: 235994

Downloads: 100

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :