Can the VPLS feature of the switch implement isolation between ACs?


The VPLS feature of the switch cannot implement isolation between ACs.

Other related questions:
How to implement L2 VSI?
As a Multiprotocol Label Switching (MPLS)-based point-to-multipoint (P2MP) Layer 2 Virtual Private Network (L2VPN) service provided over a public network, the virtual private LAN service (VPLS) ensures that geographically isolated user sites can communicate over metropolitan area networks (MANs) and wide area networks (WANs) as if they were on the same local area network (LAN). VPLS is also called the Transparent LAN Service (TLS). For a configuration example, see: Example for Configuring Martini VPLS.

What are the differences between port isolation and ACL on a WLAN device?
For WLAN devices: The port isolation function isolates interfaces in a VLAN, providing secure and flexible networking solutions. To implement Layer 2 isolation between interfaces, you can add these interfaces to different VLANs. However, this approach wastes VLAN resources. Port isolation can isolate interfaces in the same VLAN, and a port isolation group can effectively implement Layer 2 isolation between these interfaces. An ACL is a packet filter that filters packets based on rules. A device with an ACL configured matches packets against the rules to identify packets of a certain type, and then forwards or discards these packets according to the policies used by the service module to which the ACL is applied. Uncontrolled mutual access between different network segments brings security risks. After an ACL is applied to a QoS traffic policy or simplified traffic policy, the access rights between the users on different network segments are restricted.

Whether isolation can be implemented when the firewall works in Layer 2 mode
Isolation can be implemented only when the firewall works in Layer 3 mode, not in Layer 2 mode.

VRRP implementation on ACs
Virtual Router Redundancy Protocol (VRRP) on ACs: VRRP integrates multiple routing devices into a virtual router and uses the next-hop address as the IP address of the virtual router. VRRP elects a new gateway to transmit data traffic if the next-hop gateway of hosts fails, ensuring reliable network communication. With the rapid development of WLANs and diversification of applications, various value-added services (VASs) such as Internet Protocol television (IPTV) and video conferencing are prevailing. Any interruptions to network services may cause significant loss to users, resulting in the increase of user demands for network reliability. Generally, all hosts on the same network segment have the same default route with the gateway address as the next-hop address. Hosts use the default route to send packets to the gateway and the gateway forwards the packets to other network segments. When the gateway fails, the hosts on the network segment using the same default route cannot communicate with external networks. More than one egress gateway can be configured to enhance system reliability. However, route selection between the gateways becomes an issue. VRRP solves the problem. VRRP virtualizes multiple routing devices into a virtual router without changing the networking. The next-hop address in the default route of hosts is used as the IP address of the virtual router for gateway backup. If the gateway is faulty, VRRP elects a new gateway to transmit service traffic to ensure reliable network communication. For implementation of VRRP, see AC6605&AC6005&ACU2 Product Documentation. In the document, choose Configuration > CLI-based Configuration > Reliability Configuration Guide > VRRP Configuration > Principles.

Difference between port isolation and ACLs on S series switches
For S series switches (except S1700 switches): The port isolation function isolates interfaces in a VLAN, providing secure and flexible networking solutions. To implement Layer 2 isolation between interfaces, you can add each interface to a different VLAN. This method, however, wastes VLAN resources. Port isolation can isolate interfaces in the same VLAN, and a port isolation group can effectively implement Layer 2 isolation between these interfaces. It provides secure and flexible networking solutions. An ACL is a packet filter that filters packets based on rules. A switch with an ACL configured matches packets based on the rules to obtain the packets of a certain type, and then decides to forward or discard these packets according to the policies used by the service module to which the ACL is applied. For example, after an ACL is applied to a traffic policy or simplified traffic policy, access rights of the users on different network segments are restricted, preventing security risks caused by uncontrolled mutual access between different network segments.
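
The contrast drawn in the two port isolation versus ACL answers above, as an added example that is not Huawei code or device configuration: a simplified Python model in which port isolation decides on the interface pair alone, while an ACL decides on packet fields. The port names, VLAN ID, addresses, and the rule that unmatched packets are forwarded are assumptions of this model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    vlan: int
    isolation_group: Optional[int] = None  # None: not in any isolation group

@dataclass(frozen=True)
class AclRule:
    action: str  # "permit" or "deny"
    src: str     # source network, CIDR
    dst: str     # destination network, CIDR

def l2_forward(ingress: Port, egress: Port) -> bool:
    """Port isolation decides on interfaces only, never on packet fields."""
    if ingress.vlan != egress.vlan:
        return False  # different VLANs are already separated at Layer 2
    same_group = (ingress.isolation_group is not None
                  and ingress.isolation_group == egress.isolation_group)
    return not same_group

def acl_permits(rules, src_ip: str, dst_ip: str) -> bool:
    """An ACL decides on packet fields; the first matching rule wins."""
    for rule in rules:
        if (ip_address(src_ip) in ip_network(rule.src)
                and ip_address(dst_ip) in ip_network(rule.dst)):
            return rule.action == "permit"
    return True  # model assumption: unmatched packets are forwarded

# Constructed sample topology and rule set (not from the page).
HOST_A = Port("port-a", vlan=10, isolation_group=1)
HOST_B = Port("port-b", vlan=10, isolation_group=1)
UPLINK = Port("uplink", vlan=10)
RULES = [AclRule("deny", "192.168.1.0/24", "192.168.2.0/24")]

def run_demo() -> dict:
    return {
        "isolated_pair": l2_forward(HOST_A, HOST_B),
        "host_to_uplink": l2_forward(HOST_A, UPLINK),
        "acl_cross_segment": acl_permits(RULES, "192.168.1.5", "192.168.2.9"),
        "acl_same_segment": acl_permits(RULES, "192.168.1.5", "192.168.1.6"),
    }

if __name__ == "__main__":
    print(run_demo())
```

The last entry shows the gap an ACL written for inter-segment access leaves open: two hosts on the same segment still reach each other unless their interfaces share a port isolation group.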
