Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
Ways to isolate ports fro...

Ways to isolate ports from each other on layer 2

Latest reply: Jul 26, 2021 13:32:40 401 5 2 0 0
View the author 1#

Sometimes we want to isolate two interfaces from each other, so that the devices which connected to these interfaces can not access each other.


Some people may configure these two PCs into different networks and yes, that may work. But if these two PC are on the same network, how could we achieve that goal? Here we list of a few ways to do this.


1. VLAN


As the most common and widely used way, VLAN may be the first way we think out when we are appointed this task.


As known, the interfaces in the different VLANs can not access each other through the layer 2. But there is a problem, which is the number of the VLAN. As the VLAN tag described, VLAN tag only contains 12 bits, which means that the maximum number of VLAN is 4096, in fact, there are a few VLANs that are reserved, so the usable VLANs are less than 4096.


So, the way to configure the VLAN to isolate the interface is not the best way.


2. MUX VLAN


MUX VLAN, which is called private VLAN in Cisco, can also be used to isolate the interfaces.


In MUX VLAN, there is a concept of separating the VLAN. In the separate VLAN, the interfaces are independent from each other, so we can add the interfaces which should isolate from each other into the separate VLAN.


Unlike the way of configuring the VLAN, the MUX VLAN will comsume more VLANs, because we have to configure the main VLAN and group VLAN. But if more than two interfaces exist (such as N interfaces) and both of them should be configured as isolation from each other, the way of configuring the VLAN will consume N VLANs. However, in MUX VLAN, only three VLANs are needed.


So, if more than two interfaces need to be configured to be isolated from each other, the MUX VLAN is a better way than VLAN.


3. Port isolation


Layer 2 port isolation can isolate interfaces on the same VLAN. That is, you only need to add interfaces to a port isolation group to implement Layer 2 isolation between these interfaces. 


Unlike the VLAN and MUX VLAN, port isolation doesn't waste VLANs. The configuration of the port isolation does not consume extra VLANs, making it the best way to do this. 


The port isolation only needs to add the interfaces which should be isolated from each other into the same group. In this group, the interfaces can not access each other, just like the separate VLAN in MUX VLAN.


Like (2) Dislike (0) Favorite(0) Share Report
Previous: IP network-Routing forwarding features
Next: Routine Maintenance Manual of Huawei NE40E, CX-600 and ME-60 BRAS (X-16, X-8, x-3) Serie [2nd part]
(0) (0)
2#
semphis
Created Apr 23, 2019 14:21:54

You can use MAC-Forced Forwarding or use S and C-Tag in Vlans to solve the 12 bits problem also.
View more
  • x
  • convention:
(0) (0)
3#
Unicef
MVE Created Jul 23, 2021 06:23:47

GREAT
View more
  • x
  • convention:
(0) (0)
4#
Kevin_Thomas
Created Jul 23, 2021 17:36:55

Informative and nicely done. Keep up the good work!
View more
  • x
  • convention:
(0) (0)
5#
andersoncf1
MVE Author Created Jul 26, 2021 13:32:40

Thanks for sharing. Well done
View more
  • x
  • convention:

chenhui
chenhui Created Jul 27, 2021 03:34:51 (0) (0)
Thanks!  
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.