How to choose between MFF and port isolation


Port isolation and MFF have similar effects. You can choose one according to your needs. The differences between port isolation and MFF are as follows:

1. Port isolation is configured on interfaces, while MFF is configured in VLANs.
2. Port isolation physically separates interfaces, and users may not be allowed to communicate with each other. MFF ensures that users can communicate through Layer 3.
3. Port isolation is applied to users on one device, while MFF can be applied to users on different devices as long as the users are in the same VLAN.
4. Port isolation applies to all Ethernet packets, while MFF applies only to IP packets.
5. VLANIF interfaces can be configured for the VLANs on interfaces that have port isolation configured. VLANs with MFF enabled cannot have VLANIF interfaces.
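
Differences 1 and 5 are easiest to see in the configuration itself. The following is an added example, not part of the original answer, written with S series VRP commands; the interface numbers, VLAN IDs, isolation group number and IP addresses are assumptions chosen for illustration.

```text
# --- Port isolation: enabled per interface (assumed user ports GE0/0/1 and GE0/0/2) ---
system-view
# l2 = Layer 2 isolation with Layer 3 interworking; "all" isolates both layers
port-isolate mode l2
interface gigabitethernet 0/0/1
 port-isolate enable group 1
 quit
interface gigabitethernet 0/0/2
 port-isolate enable group 1
 quit
# The VLAN carrying the isolated ports (assumed VLAN 10) may still have a VLANIF
interface vlanif 10
 ip address 10.1.10.1 24
 quit

# --- MFF: enabled globally, then per VLAN (assumed VLAN 20) ---
mac-forced-forwarding enable
vlan 20
 mac-forced-forwarding enable
 # Gateway that user traffic is forced through (assumed address, on another device)
 mac-forced-forwarding static-gateway 10.1.20.1
 quit
# Uplink toward the gateway (assumed GE0/0/24) is marked as the network port
interface gigabitethernet 0/0/24
 mac-forced-forwarding network-port
 quit
# No "interface vlanif 20" is created: a VLAN with MFF enabled cannot have a VLANIF
```

Ports in isolation group 1 cannot exchange frames on this switch only, whereas every user in VLAN 20 is forced through the gateway regardless of which MFF-enabled device it is attached to.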

Other related questions:
What are the differences between port isolation and ACL on a WLAN device
For WLAN devices: The port isolation function isolates interfaces in a VLAN, providing secure and flexible networking solutions. To implement Layer 2 isolation between interfaces, you can add these interfaces to different VLANs. However, this approach wastes VLAN resources. Port isolation can isolate interfaces in the same VLAN, and a port isolation group can effectively implement Layer 2 isolation between these interfaces. Port isolation offers secure and flexible networking solutions.

An ACL is a packet filter that filters packets based on rules. A device with an ACL configured matches packets based on the rules to obtain the packets of a certain type, and then decides to forward or discard these packets according to the policies used by the service module to which the ACL is applied. Uncontrolled mutual access between different network segments brings security risks. After an ACL is applied to a QoS traffic policy or simplified traffic policy, the access rights between the users on different network segments are restricted.

Differences between an NNI optical port and an isolated node
Question: What are an NNI optical port and an isolated node? Can a non-transmission device be regarded as an isolated node?

Answer: The NNI optical port is used for communication with external networks. For example, if a Huawei device is interconnected with a device of another company, or a service traverses multiple subnets but the T2000 can manage only a part of the subnets, the T2000 only identifies that a service is transmitted out from a certain slot of an NE. In this case, you need to create an NNI optical port as an identifier. A TM without protection or an isolated node without optical fiber connections can be created as an NNI optical port. An NNI optical port is a logical system that does not belong to any protection subnet and has no protection TM. An isolated node is configured on the NE side but cannot form or has not yet formed a protection subnet with other nodes.

Difference between port isolation and ACLs on S series switches
For S series switches (except S1700 switches): The port isolation function isolates interfaces in a VLAN, providing secure and flexible networking solutions. To implement Layer 2 isolation between interfaces, you can add each interface to a different VLAN. This method, however, wastes VLAN resources. Port isolation can isolate interfaces in the same VLAN, and a port isolation group can effectively implement Layer 2 isolation between these interfaces. It provides secure and flexible networking solutions.

An ACL is a packet filter that filters packets based on rules. A switch with an ACL configured matches packets based on the rules to obtain the packets of a certain type, and then decides to forward or discard these packets according to the policies used by the service module to which the ACL is applied. For example, after an ACL is applied to a traffic policy or simplified traffic policy, access rights of the users on different network segments are restricted, preventing security risks caused by uncontrolled mutual access between different network segments.

Configure port isolation on the S1728GWR-4P switch
Configure port isolation on an S1728GWR-4P switch as follows:

1. Choose Security > Port Isolation.
2. Set Interface to Port or Trunk.
3. Enable or disable port isolation on a specified interface or trunk.
4. Click Apply to complete the configuration.

Why is port isolation needed
To save VLAN resources, enable port isolation to isolate interfaces in a VLAN. That is, you can add interfaces to a port isolation group to implement Layer 2 or Layer 3 isolation between these interfaces. Port isolation provides secure and flexible networking schemes for customers.
