No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


How to let four physical interfaces forbid accessing each other on LAN interface.

Publication Date:  2012-09-18 Views:  203 Downloads:  0

Issue Description

User requests the USG2110 that four physical interfaces forbid accessing each other under LAN interface. But actually it likes HUB interface, and only can configure the ip address for a single interface. it is not layer 3 interface, and it can not divide VLAN like Layer 2 switch. So that the four interfaces can not forbid accessing each other.
topology diagram:
                              |         |

Alarm Information


Handling Process

Get rid of the two consideration, because the LAN interface can not divide VLAN and can not configure ip address on single interface.
So think about the three way. The configuration is as follow:
interface Ethernet0/0/1
ip address
ip address sub
ip policy route-policy test1

traffic classifier test operator and
if-match acl 3001
traffic behavior test
acl number 3001
rule 5 permit ip source destination

route-policy test1 permit node 1
if-match acl 3001
apply output-interface NULL0

This configuration ensures that the network segment packet of can not reach under the same LAN interface.
Then configure the same route-policy from to
Finally, you let the interface forbid accessing each other.

Root Cause

Configure the customer’s country code.
1. consider that whether it can forbid from layer 3 point of view
2. consider the VLAN point of view of layer 2
3. consider the QOS point of view