Isolate-user-vlan configuration, Overview, Configuring an isolate-user-vlan – H3C Technologies H3C SecBlade NetStream Cards User Manual
Page 110
95
Isolate-user-VLAN configuration
This chapter includes these sections:
•
•
Configuring an isolate-user-VLAN
•
Displaying and maintaining isolate-user-VLAN
•
Isolate-user-VLAN configuration example
Overview
An isolate-user-VLAN uses a two-tier VLAN structure. In this approach, two types of VLANs,
isolate-user-VLAN and secondary VLAN, are configured on the same device.
The following are the characteristics of the isolate-user-VLAN implementation:
•
Isolate-user-VLANs are mainly used for upstream data exchange. An isolate-user-VLAN can be
associated with multiple secondary VLANs. As the upstream device is aware of only the
isolate-user-VLAN but not the secondary VLANs, network configuration is simplified and VLAN
resources are saved.
•
You can isolate the Layer 2 traffic of different users by assigning the ports connected to them to
different secondary VLANs. To enable communication between secondary VLANs associated with
the same isolate-user-VLAN, you can enable local proxy ARP on the upstream device to realize
Layer 3 communication between the secondary VLANs.
As shown in
, the isolate-user-VLAN function is enabled on Device B. VLAN 10 is the
isolate-user-VLAN, and VLAN 2, VLAN 5, and VLAN 8 are secondary VLANs associated with VLAN 10
and are invisible to Device A.
Figure 32 An isolate-user-VLAN example
Configuring an isolate-user-VLAN
To configure an isolate-user-VLAN, complete the following tasks:
1.
Configure the isolate-user-VLAN.