
Application scenarios of switch port isolation and MFF

Latest reply: Apr 14, 2020 17:11:12

Hi, everyone! Today I’m going to introduce application scenarios of switch port isolation and MFF.

It is not recommended to configure port isolation and MFF on the S3300 at the same time. The application scenarios of the two are as follows. To achieve Layer 2 isolation between packets, users can add different ports to different VLANs, but this will waste limited VLAN resources. Using the port isolation function can achieve isolation between ports in the same VLAN. Users only need to add ports to the isolation group to achieve the isolation of Layer 2 data between the ports in the isolation group. The port isolation function provides users with a safer and more flexible networking solution. If users want to isolate broadcast packets in the same VLAN, but users on different ports can also communicate at Layer 3, you can set the isolation mode to Layer 2 isolation and Layer 3 interworking.

If users want users on different ports of the same VLAN for communication, the isolation mode can be configured as Layer 2 and Layer 3 isolation. The method and application scenario of port isolation are shown in Figure 1, Example of port isolation. PC1, PC2, and PC3 belong to VLAN 10. After adding ports GE0/0/1 and GE0/0/2, corresponding to PC1 and PC2, to the port isolation group, PC1 and PC2 cannot access each other in VLAN 10, but PC3 and PC1 can access each other, and PC3 and PC2 can also access each other.

Figure 1 Example of port isolation


MFF provides a solution for achieving Layer 2 isolation and Layer 3 intercommunication between client hosts in the same broadcast domain. MFF intercepts the user's ARP request, constructs an ARP reply message whose source MAC is the gateway MAC address through the ARP pickup mechanism, and sends it to the user. In this way, users are forced to send all traffic to the gateway, so that the gateway can monitor data traffic to prevent malicious attacks between users, and better guarantee the security of network deployment. As shown in Figure 2, when MFF is used to achieve Layer 2 network isolation, user traffic cannot pass directly through the Layer 2 aggregation node but must go through the gateway, which achieves Layer 2 isolation.

Figure 2 Achieve Layer 2 network isolation through MFF


If you have any problems, please post them in our Community. We are happy to solve them for you!
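
The forwarding rules described in the post, as an added example that is not part of the original post or any vendor code: a small Python model of Figure 1 under both isolation modes, plus the ARP reply that MFF builds. The group id, the mode labels `l2` and `all`, the PC3 port name, and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class Port:
    host: str
    name: str
    vlan: int
    group: Optional[int] = None  # isolation group id; None = not in a group

def isolated(a, b):
    """Both ports are members of the same isolation group."""
    return a.group is not None and a.group == b.group

def reachability(a, b, mode):
    """Return (layer2, layer3) reachability for two ports in one VLAN.

    mode "l2":  Layer 2 isolation and Layer 3 interworking
    mode "all": Layer 2 and Layer 3 isolation
    (the labels are this model's own names for the two modes in the post)
    """
    if mode not in ("l2", "all"):
        raise ValueError("unknown isolation mode: %r" % mode)
    if a.vlan != b.vlan:
        raise ValueError("model covers ports in the same VLAN only")
    if not isolated(a, b):
        return (True, True)
    return (False, mode == "l2")

def matrix(ports, mode):
    """Reachability for every pair of hosts, keyed by (host, host)."""
    return {(a.host, b.host): reachability(a, b, mode)
            for a, b in combinations(ports, 2)}

def mff_arp_reply(request, gateway_mac):
    """MFF answers the user's ARP request itself: the reply carries the gateway
    MAC as source MAC whatever IP was asked for, so traffic goes to the gateway."""
    return {"op": "reply",
            "sender_ip": request["target_ip"], "sender_mac": gateway_mac,
            "target_ip": request["sender_ip"], "target_mac": request["sender_mac"]}

# Constructed topology from Figure 1; the post does not name PC3's port.
FIGURE1 = [Port("PC1", "GE0/0/1", 10, group=1),
           Port("PC2", "GE0/0/2", 10, group=1),
           Port("PC3", "PC3-port (placeholder)", 10)]

if __name__ == "__main__":
    for mode in ("l2", "all"):
        for pair, (l2, l3) in matrix(FIGURE1, mode).items():
            print(mode, pair, "L2" if l2 else "--", "L3" if l3 else "--")
```

Comparing this matrix with the intended policy before a change shows which host pairs remain directly reachable at Layer 2 and therefore bypass any gateway inspection.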


tesfama
MVE Created Apr 14, 2020 17:11:12

Good

Huawei Enterprise Support Community