CloudEngine S16700 V600R022C10 Configuration Guide - VXLAN

Configuring Unidirectional Isolation from the Access Side to the Tunnel Side

Context

On a VXLAN network, users in the same BD can directly communicate with each other. To isolate unidirectional traffic from the access side to the tunnel side in a BD, you can configure unidirectional isolation from the access side to the tunnel side.

Procedure

Enter the system view.
```
system-view
```
Create a BD and enter its view.
```
bridge-domain bd-id
```
By default, no BD is created.
Enable unidirectional isolation from the access side to the tunnel side in the BD.
```
isolate remote enable
```
By default, unidirectional isolation from the access side to the tunnel side is not configured in a BD.
Return to the system view.
```
quit
```
(Optional) If users who access a BD through a VLAN need to communicate with the tunnel side, set the access-side mode of the VLAN to hub.
1. Create a VLAN and enter the VLAN view. If the VLAN already exists, this command will directly display the VLAN view.
```
vlan vlan-id
```
2. Set the access-side mode to hub.
```
hub-mode enable
```
  Before setting the access-side mode of a VLAN to hub, run the l2 binding vlan command in the BD view to bind the VLAN to the BD.
(Optional) If users who access a BD through a Layer 2 sub-interface need to communicate with the tunnel side, set the access-side mode of the Layer 2 sub-interface to hub.
1. Create a Layer 2 sub-interface and enter its view. If a Layer 2 sub-interface has been created, this command directly displays the Layer 2 sub-interface view.
```
interface interface-type interface-number.subnum mode l2
```
2. Set the access-side mode to hub.
```
hub-mode enable
```

Translation

Favorite

Download

Update Date：2024-12-20

Document ID：EDOC1100302469

Downloads：69

Average rating：0.0Points

Related Version

Digital Signature File

digtal sigature tool