交换机端口隔离
一、HP 交换机
端口1-24互相隔离:
filter source-port "1" drop 2-24
filter source-port "2" drop 3-24
filter source-port "3" drop 4-24
filter source-port "4" drop 5-24
filter source-port "5" drop 6-24
filter source-port "6" drop 7-24
filter source-port "7" drop 8-24
filter source-port "8" drop 9-24
filter source-port "9" drop 10-24
filter source-port "10" drop 11-24
filter source-port "11" drop 12-24
filter source-port "12" drop 13-24
filter source-port "13" drop 14-24
filter source-port "14" drop 15-24
filter source-port "15" drop 16-24
filter source-port "16" drop 17-24
filter source-port "17" drop 18-24
filter source-port "18" drop 19-24
filter source-port "19" drop 20-24
filter source-port "20" drop 21-24
filter source-port "21" drop 22-24
filter source-port "22" drop 23-24
filter source-port "23" drop 24
也可用下面的方法:
vlan 2 untagged ethernet 2 //端口2加入vlan2
vlan 3 untagged ethernet 3
vlan 4 untagged ethernet 4
vlan 5 untagged ethernet 5
vlan 6 untagged ethernet 6
vlan 7 untagged ethernet 7
vlan 8 untagged ethernet 8
vlan 9 untagged ethernet 9
vlan 10 untagged ethernet 10
vlan 11 untagged ethernet 11
vlan 12 untagged ethernet 12
vlan 13 untagged ethernet 13
vlan 14 untagged ethernet 14
vlan 15 untagged ethernet 15
vlan 16 untagged ethernet 16
vlan 17 untagged ethernet 17
vlan 18 untagged ethernet 18
vlan 19 untagged ethernet 19
vlan 20 untagged ethernet 20
vlan 21 untagged ethernet 21
vlan 22 untagged ethernet 22
vlan 23 untagged ethernet 23
vlan 24 untagged ethernet 24
vlan 1 tagged ethernet 25 //配置端口25为中继端口,允许vlan1到vlan24通过。
vlan 2 tagged ethernet 25
vlan 3 tagged ethernet 25
vlan 4 tagged ethernet 25
vlan 5 tagged ethernet 25
vlan 6 tagged ethernet 25
vlan 7 tagged ethernet 25
vlan 8 tagged ethernet 25
vlan 9 tagged ethernet 25
vlan 10 tagged ethernet 25
vlan 11 tagged ethernet 25
vlan 12 tagged ethernet 25
vlan 13 tagged ethernet 25
vlan 14 tagged ethernet 25
vlan 15 tagged ethernet 25
vlan 16 tagged ethernet 25
vlan 17 tagged ethernet 25
vlan 18 tagged ethernet 25
vlan 19 tagged ethernet 25
vlan 20 tagged ethernet 25
vlan 21 tagged ethernet 25
vlan 22 tagged ethernet 25
vlan 23 tagged ethernet 25
vlan 24 tagged ethernet 25
vlan 1 tagged ethernet 26 //配置端口26为中继端口,允许vlan1到vlan24通过。
vlan 2 tagged ethernet 26
vlan 3 tagged ethernet 26
vlan 4 tagged ethernet 26
vlan 5 tagged ethernet 26
vlan 6 tagged ethernet 26
vlan 7 tagged ethernet 26
vlan 8 tagged ethernet 26
vlan 9 tagged ethernet 26
vlan 10 tagged ethernet 26
vlan 11 tagged ethernet 26
vlan 12 tagged ethernet 26
vlan 13 tagged ethernet 26
vlan 14 tagged ethernet 26
vlan 15 tagged ethernet 26
vlan 16 tagged ethernet 26
vlan 17 tagged ethernet 26
vlan 18 tagged ethernet 26
vlan 19 tagged ethernet 26
vlan 20 tagged ethernet 26
vlan 21 tagged ethernet 26
vlan 22 tagged ethernet 26
vlan 23 tagged ethernet 26
vlan 24 tagged ethernet 26
write memo //保存
HP交换机,端口隔离是双向的,也就是说,只需隔离一个方向即可。
而华为交换机,有单向和双向隔离,如果想完全隔离,需两边都配隔离。
下面为华为配置:
二、华为交换机
端口1与2互相隔离:
int Ethernet 0/0/1
am isolate Ethernet 0/0/2
int Ethernet 0/0/2
am isolate Ethernet 0/0/1
三、Cisco 交换机
Switch(config-if)#switchport protected
所有端口打上这条命令的,都不可以互相通讯。没有打的可以和它通讯。
换句话说,受保护的端口不可以互相通讯。没受保护的可以和受保护的通讯。
发表评论: