Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Figure 7 Network diagram for local proxy ARP between isolated ports
NOTE:
• The switch in this diagram is a distributed device.
• In this configuration example, all traffic between the hosts is blocked, so you must configure local proxy ARP on GigabitEthernet 1/2 of the device to enable communication between Host A and Host B. If the two ports (GigabitEthernet 1/3 and GigabitEthernet 1/1) on the switch are isolated only at Layer 2, you can enable communication between the two hosts by configuring local proxy ARP on VLAN-interface 2 of the switch.
Configuration procedure
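Step 1  Configure the switch
# Add GigabitEthernet 1/3, GigabitEthernet 1/1, and GigabitEthernet 1/2 to VLAN 2. Isolate the ports for Host A and Host B (GigabitEthernet 1/3 and GigabitEthernet 1/1) in isolation group 2, and set GigabitEthernet 1/2 as the uplink port of that group.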
[Switch] port-isolate group 2
[Switch] vlan 2
[Switch-vlan2] port gigabitethernet 1/3
[Switch-vlan2] port gigabitethernet 1/1
[Switch-vlan2] port gigabitethernet 1/2
[Switch-vlan2] quit
[Switch] interface gigabitethernet 1/3
[Switch-GigabitEthernet1/3] port-isolate enable group 2
[Switch-GigabitEthernet1/3] interface gigabitethernet 1/1
[Switch-GigabitEthernet1/1] port-isolate enable group 2
[Switch-GigabitEthernet1/1] interface gigabitethernet 1/2
[Switch-GigabitEthernet1/2] port-isolate uplink-port group 2
Step 2  Configure the device
# Specify the IP address of GigabitEthernet 0/2.
[Device] interface gigabitethernet 0/2
[Device-GigabitEthernet0/2] ip address 192.168.10.100 255.255.0.0
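The following check is an added example, not part of the H3C manual: it parses the Step 1 switch session and confirms that the isolated ports and the uplink port of each isolation group share one VLAN, which the design above depends on so that host-to-host traffic can only pass through the device. The function names and finding texts are assumptions made for this example.

```python
import re
# Switch session from Step 1 of this page, embedded so the check runs offline.
SESSION = """\
[Switch] port-isolate group 2
[Switch] vlan 2
[Switch-vlan2] port gigabitethernet 1/3
[Switch-vlan2] port gigabitethernet 1/1
[Switch-vlan2] port gigabitethernet 1/2
[Switch-vlan2] quit
[Switch] interface gigabitethernet 1/3
[Switch-GigabitEthernet1/3] port-isolate enable group 2
[Switch-GigabitEthernet1/3] interface gigabitethernet 1/1
[Switch-GigabitEthernet1/1] port-isolate enable group 2
[Switch-GigabitEthernet1/1] interface gigabitethernet 1/2
[Switch-GigabitEthernet1/2] port-isolate uplink-port group 2
"""

# "[Switch-vlan2] cmd" -> view "vlan2"; assumes no hyphen in the device name.
PROMPT = re.compile(r"^\[[^\]-]+(?:-([^\]]+))?\]\s+(.+)$")

def parse(session):
    """Return (vlan members, isolated ports, uplink port) keyed by VLAN/group id."""
    vlans, isolated, uplink = {}, {}, {}
    for raw in session.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue
        view, cmd = (m.group(1) or "").lower(), m.group(2).lower().split()
        if view.startswith("vlan") and cmd[0] == "port" and len(cmd) == 3:
            vlans.setdefault(view[4:], set()).add(cmd[1] + cmd[2])
        elif cmd[0] == "port-isolate" and view and len(cmd) == 4:
            if cmd[1] == "enable":
                isolated.setdefault(cmd[3], set()).add(view)
            elif cmd[1] == "uplink-port":
                uplink[cmd[3]] = view
    return vlans, isolated, uplink

def audit(session):
    """List findings that would break the isolated-hosts-plus-uplink design."""
    vlans, isolated, uplink = parse(session)
    findings = []
    for group, ports in sorted(isolated.items()):
        up = uplink.get(group)
        if up is None:
            findings.append(f"group {group}: no uplink port toward the device")
        needed = ports | ({up} if up else set())
        if not any(needed <= members for members in vlans.values()):
            findings.append(f"group {group}: ports do not share one VLAN")
    return findings
```

`audit(SESSION)` returns an empty list for the session as written on this page; a non-empty list names the isolation group whose port layout would leave the hosts without a path through the device.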