如何使同vlan中ip地址禁止访问?端口隔离与vlan有何不同?
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">前面我们曾多次提到portant; overflow-wrap: break-word !important;">关于不同vlan间的互通,那么在同一个vlan中如何实现端口相互隔离呢?这个在交换机组网项目中也是经常会用到。inkMacSystemFont, ">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">对于有些项目,项目portant; overflow-wrap: break-word !important;">本身不需要不同vlan之间进行互访,比如有些监控项目就只需要内网访问,那么就没有必要创建vlan了,portant; overflow-wrap: break-word !important;">节约网络设备资源,但是要防止网络风暴,怎么办呢?
inkMacSystemFont, ">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">采用端口隔离功能,可以实现portant; overflow-wrap: break-word !important;">同一VLAN内端口之间的隔离。用户只需要将端口加入到隔离组中,就可以实现隔离组内端口之间二层数据的隔离。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">端口隔离一般用于内网中,端口隔离的端口之间无法相互通信,所以端口隔离功能为用户提供了更安全的方案。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">
portant; overflow-wrap: break-word !important;">portant; overflow-wrap: break-word !important; color: rgb(219, 55, 52); font-size: 17px;">portant; overflow-wrap: break-word !important;">案例:端口隔离实例配置portant; overflow-wrap: break-word !important; font-size: 15px; letter-spacing: 2px; color: rgb(252, 242, 241); background-color: rgb(216, 98, 34); font-family: mp-quote, -apple-system-font, BlinkMacSystemFont, ">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">portant; overflow-wrap: break-word !important;">某企业研发办公室员工分为三类:
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">1、本公司员工
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">2、A合作方公司员工
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">3、B合作方公司员工
inkMacSystemFont, ">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">如下图所示,PC1和PC2分别代表A、B合作方员工,PC3代表本公司研发员工,公司希望 在节省VLAN资源的前提下,实现本公司员工和A、B两个合作方公司之间可以相互通 信,但是portant; overflow-wrap: break-word !important;">A、B两个合作方公司员工之间无法通信。
inkMacSystemFont, ">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">也就是,在同一个vlan中,portant; overflow-wrap: break-word !important;">PC3可以访问PC1与PC2,而PC1与PC2不能相互访问,我们以华为的交换机配置作为实例。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important; text-align: left; text-indent: 30px; font-family: Optima-bold, PingFangSC-light; font-size: 15px; letter-spacing: 0.5px; background-color: rgb(0, 0, 0); color: rgb(255, 255, 255);">一、 配置端口隔离示例组网图与ip地址
inkMacSystemFont, ">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important; text-align: left; text-indent: 30px; font-family: Optima-bold, PingFangSC-light; font-size: 15px; letter-spacing: 0.5px; background-color: rgb(0, 0, 0); color: rgb(255, 255, 255);">二、配置思路
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">采用如下的思路portant; overflow-wrap: break-word !important;">配置端口隔离:
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">a、配置接口加入VLAN。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">b、 配置接口加入到隔离组中,实现隔离组内接口之间二层数据的隔离。
inkMacSystemFont, ">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important; text-align: left; text-indent: 30px; font-family: Optima-bold, PingFangSC-light; font-size: 15px; letter-spacing: 0.5px; background-color: rgb(0, 0, 0); color: rgb(255, 255, 255);">三、配置步骤:
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">step1、配置端口隔离功能
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">portant; overflow-wrap: break-word !important;">配置GE1/0/1的端口隔离功能。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> sysname Switch //交换机命令为switch
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> vlan 10 //创建vlan10
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> quit //返回
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> interface gigabitethernet 1/0/1 //进入端口1/0/1
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> port link-type access //配置GE1/0/1的接口类型为access。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> port default vlan 10 //配置GE1/0/1加入VLAN 10。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> port-isolate enable //缺省加入端口隔离组1,且隔离模式为二层隔离三层互通。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> quit
portant; overflow-wrap: break-word !important;">portant; overflow-wrap: break-word !important;">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">portant; overflow-wrap: break-word !important;">配置GE01/0/2的端口隔离功能。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> interface gigabitethernet 1/0/2
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> port link-type access //配置GE1/0/2的接口类型为access。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> port default vlan 10 //配置GE1/0/2加入VLAN 10。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> port-isolate enable //缺省加入端口隔离组1,且隔离模式为二层隔离三层互通。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> quit
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important; color: rgb(217, 33, 66);">portant; overflow-wrap: break-word !important;">portant; overflow-wrap: break-word !important;">配置GE1/0/3加入VLAN10
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> interface gigabitethernet 1/0/3
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> port link-type access //配置GE1/0/3的接口类型为access。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> port default vlan 10 //配置GE1/0/3加入VLAN 10。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;"> quit
inkMacSystemFont, ">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important; text-align: left; text-indent: 30px; font-family: Optima-bold, PingFangSC-light; letter-spacing: 0.5px; font-size: 12px; background-color: rgb(0, 0, 0); color: rgb(255, 255, 255);">四、实现结果
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">PC1和PC2数据不能互通。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">PC1和PC3数据可以互通。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">PC2和PC3数据可以互通。
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">
portant; overflow-wrap: break-word !important;">portant; overflow-wrap: break-word !important; color: rgb(219, 55, 52); font-size: 17px;">portant; overflow-wrap: break-word !important;">端口隔离与v划分vlan的区别
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">1、端口隔离的端口之间无法相互通信,但可以与上联口通信;VLAN是同VLAN ID的端口可以任意通信,不同VLAN之间不能直接通信。
inkMacSystemFont, ">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">2、端口隔离的各个portant; overflow-wrap: break-word !important;">端口仍然处于同一IP段;VLAN则必须每个VLAN对应一个独立的IP段。
inkMacSystemFont, ">
inkMacSystemFont, ">portant; overflow-wrap: break-word !important;">3、端口隔离仅限于单台交换机,即无法控制通过上联口互联的两台交换机之间的隔离端口的通信;VLAN可以跨越多台交换机,只要VLAN ID不同,就无法直接通信。
页:
[1]