Configuration procedure – H3C Technologies H3C WX5500E Series Access Controllers User Manual


The latter configures a port to permit packets from only one isolate-user-VLAN to pass through.

Configuration procedure

To configure an isolate-user-VLAN, complete the following tasks:

1. Configure the isolate-user-VLAN.
2. Configure the secondary VLANs.
3. Associate the isolate-user-VLAN with the specified secondary VLANs.
4. Configure uplink and downlink ports in the following workflow:
   a. Configure the uplink ports, for example, the port connecting Device B to Device A in Figure 41, to operate in promiscuous mode in the specified VLAN, so that uplink ports can be automatically added to the specified isolate-user-VLAN and the secondary VLANs associated with the isolate-user-VLAN.
   b. Configure the downlink ports, for example, the ports connecting Device B to hosts in Figure 41, to operate in host mode, so that downlink ports can be automatically added to the isolate-user-VLAN associated with the secondary VLAN.

For more information about the promiscuous and host mode commands, see Layer 2—LAN Switching Command Reference.

To configure an isolate-user-VLAN:

| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Create a VLAN and enter VLAN view. | vlan vlan-id | N/A |
| 3. Configure the VLAN as an isolate-user-VLAN. | isolate-user-vlan enable | By default, no isolate-user-VLAN is configured. |
| 4. Return to system view. | quit | N/A |
| 5. Create secondary VLANs. | vlan { vlan-id1 [ to vlan-id2 ] \| all } | N/A |
| 6. Configure Layer 2 isolation between ports in the same secondary VLAN. | isolated-vlan enable | Optional. By default, ports in the same secondary VLAN can communicate with one another at Layer 2. This configuration takes effect only after you configure all ports in the same secondary VLAN to operate in host mode and associate secondary VLANs with an isolate-user-VLAN. |
| 7. Return to system view. | quit | N/A |
| 8. Associate the isolate-user-VLAN with the specified secondary VLANs. | isolate-user-vlan isolate-user-vlan-id secondary secondary-vlan-id [ to secondary-vlan-id ] | By default, no isolate-user-VLAN is associated with secondary VLANs. |
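A pre-deployment check for the procedure above, as an added example that is not part of the H3C manual: it parses a constructed listing of the commands from the table and reports secondary VLANs whose isolated-vlan enable setting cannot take effect because the VLAN is not associated with an isolate-user-VLAN, and associations that reference a VLAN never enabled as an isolate-user-VLAN or never created. The function name audit, the sample listing and the handling of only the single-ID form of vlan vlan-id are assumptions; port host mode is not checked because this page does not give those commands.

```python
import re

# Constructed listing (not from the manual): VLAN 5 is the isolate-user-VLAN,
# VLAN 4 is isolated but never associated, VLAN 3 is associated but never created.
SAMPLE = """\
system-view
vlan 5
isolate-user-vlan enable
quit
vlan 2
isolated-vlan enable
quit
vlan 4
isolated-vlan enable
quit
isolate-user-vlan 5 secondary 2 to 3
"""

# Step 8 syntax from the table: isolate-user-vlan <id> secondary <id> [ to <id> ]
ASSOC = re.compile(r"isolate-user-vlan (\d+) secondary (\d+)(?: to (\d+))?$")

def audit(listing):
    """Return findings for isolation settings that cannot take effect."""
    primary, isolated, created = set(), set(), set()
    assoc = {}       # isolate-user-VLAN id -> set of secondary VLAN ids
    current = None   # VLAN whose view we are in (None means system view)
    for line in (l.strip() for l in listing.splitlines()):
        m = ASSOC.match(line)
        if m:
            lo, hi = int(m.group(2)), int(m.group(3) or m.group(2))
            assoc.setdefault(int(m.group(1)), set()).update(range(lo, hi + 1))
        elif re.fullmatch(r"vlan \d+", line):
            current = int(line.split()[1])
            created.add(current)
        elif line == "quit":
            current = None
        elif line == "isolate-user-vlan enable" and current is not None:
            primary.add(current)
        elif line == "isolated-vlan enable" and current is not None:
            isolated.add(current)
    secondaries = set().union(*assoc.values())
    findings = [f"VLAN {v}: isolated-vlan enable set but VLAN is not associated"
                for v in sorted(isolated - secondaries)]
    for pid, secs in sorted(assoc.items()):
        if pid not in primary:
            findings.append(f"VLAN {pid}: used in association but not an isolate-user-VLAN")
        findings += [f"VLAN {v}: secondary of {pid} but never created"
                     for v in sorted(secs - created)]
    return findings
```

Calling audit(SAMPLE) returns one finding for VLAN 4 and one for VLAN 3; a listing that follows all eight steps returns an empty list.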
