Can disable client isolation based on the ip address?

Created: Jun 10, 2019 09:02:01Latest reply: Jun 11, 2019 02:48:32 325 10 0 0
  Rewarded Hi-coins: 0 (problem resolved)

Hi, we have one enviorment which need to diable client isolation for some ip addess on OLT. These devices are connected to the upstream core switches , but they are in the same vlan as the client PCs. PLease advise ,thanks in advance.

  • x
  • convention:

Featured Answers
Gavin.Liu
Created Jun 10, 2019 12:59:50 Helpful(0) Helpful(0)

Hi there!

You can try testing the ACL rules.
  • x
  • convention:

All Answers
Gavin.Liu
Gavin.Liu Created Jun 10, 2019 09:55:22 Helpful(1) Helpful(1)

Hi ,it seems you want to configure the 2 ONT communication each other in same VLAN ;
you can reference below :

Configuring VLAN-based Layer 2 User Bridging.
// create VLAN profile :
huawei(config)#vlan service-profile profile-id 3
huawei(config-vlan-srvprof-3)#user-bridging enable
huawei(config-vlan-srvprof-3)#commit
huawei(config-vlan-srvprof-3)#quit

//bind the VLAN profile to the VLAN (example vlan 300 is your service vlan):

huawei(config)#vlan bind service-profile 300 profile-id 3
  • x
  • convention:

Peter2019
Peter2019 Created Jun 10, 2019 11:18:50 Helpful(0) Helpful(0)

Thanks for your reply. But what I meant is one client A connected to the ONT, and another device B is connected to the upstream core switch , this two devices are in the some vlan, Can we whitelist the device B to let the client A communicate with device B? Device A is connected to ONT, but Device B is connected to the core switch. Please advise, thanks.
  • x
  • convention:

Peter2019
Peter2019 Created Jun 10, 2019 11:20:51 Helpful(0) Helpful(0)

we don't want to enable user-bridging (disable client isolation) for the whole VLAN, just need to whitelist some server IP addresses which are connected to the core switch. Please advise, thanks in advance.
  • x
  • convention:

wwww20011
wwww20011 Created Jun 10, 2019 11:52:44 Helpful(0) Helpful(0)

I think it can be implemented, but not configured on the ONT. Instead, it is configured on the core switch.
  • x
  • convention:

Gavin.Liu
Gavin.Liu Created Jun 10, 2019 12:59:50 Helpful(0) Helpful(0)

Hi there!

You can try testing the ACL rules.
  • x
  • convention:

Peter2019
Peter2019 Created Jun 11, 2019 01:19:49 Helpful(0) Helpful(0)

thanks for your reply. Can you please advise how to configure ACL on core switch? Need to disable client isolation first, then apply ACL on core switches?
  • x
  • convention:

wwww20011
wwww20011 Created Jun 11, 2019 02:41:09
You can configure it on the core switch without disabling client isolation.  
Peter2019
Peter2019 Created Jun 11, 2019 01:22:47 Helpful(0) Helpful(0)

Another question is when Device A is connected to ONT, and device B connected to core switch, then default can ping from device A to device B or both directions can ping each other?
We tested it cannot ping device A (ONT) from device B (core switch) when they are in same vlan and same subnet.
  • x
  • convention:

Peter2019
Peter2019 Created Jun 11, 2019 01:25:23 Helpful(0) Helpful(0)

Sorry, we need to enable client isolation for whole VLAN ,but also need to whitelist some IP addresses. Some devices are connected to the core switch, and the client machines should be able to access them when they in same VLAN.
The post above maybe make you confused. sorry about that.
  • x
  • convention:

liqiang185
liqiang185 Admin Created Jun 11, 2019 02:48:32 Helpful(0) Helpful(0)

Hello Peter2019
please open another post,
This way more people will see and solve problems for you faster.
thanks
  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login