beautypg.com

Configuration procedure – H3C Technologies H3C WX5500E Series Access Controllers User Manual

Page 150

background image

139

{

The latter configures a port to permit packets from only one isolate-user-VLAN to pass through.

Configuration procedure

To configure an isolate-user-VLAN, complete the following tasks:

1.

Configure the isolate-user-VLAN.

2.

Configure the secondary VLANs.

3.

Associate the isolate-user-VLAN with the specified secondary VLANs.

4.

Configure uplink and downlink ports in the following workflow:

a.

Configure the uplink ports, for example, the port connecting Device B to Device A in

Figure 41

,

to operate in promiscuous mode in the specified VLAN, so that uplink ports can be

automatically added to the specified isolate-user-VLAN and the secondary VLANs associated

with the isolate-user-VLAN.

b.

Configure the downlink ports, for example, the ports connecting Device B to hosts in

Figure 41

,

to operate in host mode, so that downlink ports can be automatically added to the

isolate-user-VLAN associated with the secondary VLAN.
For more information about the promiscuous and host mode commands, see Layer 2—LAN

Switching Command Reference.

To configure an isolate-user-VLAN:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a VLAN and enter

VLAN view.

vlan vlan-id N/A

3.

Configure the VLAN as an
isolate-user-VLAN.

isolate-user-vlan enable

By default, no isolate-user-VLAN is
configured.

4.

Return to system view.

quit

N/A

5.

Create secondary VLANs.

vlan { vlan-id1 [ to vlan-id2 ] | all }

N/A

6.

Configure Layer 2 isolation
between ports in the same

secondary VLAN.

isolated-vlan enable

Optional.
By default, ports in the same
secondary VLAN can

communicate with one another at

Layer 2.
This configuration takes effect only
after you configure all ports in the

same secondary VLAN to operate

in host mode and associate
secondary VLANs with an

isolate-user-VLAN.

7.

Return to system view.

quit

N/A

8.

Associate the

isolate-user-VLAN with the
specified secondary VLANs.

isolate-user-vlan
isolate-user-vlan-id secondary
secondary-vlan-id [ to

secondary-vlan-id ]

By default, no isolate-user-VLAN is
associated with secondary VLANs.

See also other documents in the category H3C Technologies Routers: