Chapter 9 | General Security Measures
Port-based Traffic Segmentation
◆ Traffic segmentation and normal VLANs can exist simultaneously within the
  same switch. Traffic may pass freely between uplink ports in segmented groups
  and ports in normal VLANs.
◆ When traffic segmentation is enabled, the forwarding state for the uplink and
  downlink ports assigned to different client sessions is shown below.
◆ When traffic segmentation is disabled, all ports operate in normal forwarding
  mode based on the settings specified by other functions such as VLANs and
  spanning tree protocol.
◆ Enter the traffic-segmentation command without any parameters to enable
  traffic segmentation. Then set the interface members for segmented groups
  using the traffic-segmentation uplink/downlink command.
◆ Enter no traffic-segmentation to disable traffic segmentation and clear the
  configuration settings for segmented groups.
Example
This example enables traffic segmentation globally on the switch.
Console(config)#traffic-segmentation
Console(config)#
traffic-segmentation session
This command creates a traffic-segmentation client session. Use the no form to
remove a client session.
Syntax
[no] traffic-segmentation session session-id
session-id – Traffic segmentation session. (Range: 1-4)
Table 62: Traffic Segmentation Forwarding
Source                      Destination
                            Session #1 Downlinks  Session #1 Uplinks    Session #2 Downlinks  Session #2 Uplinks    Normal Ports
Session #1 Downlink Ports   Blocking              Forwarding            Blocking              Blocking              Blocking
Session #1 Uplink Ports     Forwarding            Forwarding            Blocking              Blocking/Forwarding*  Forwarding
Session #2 Downlink Ports   Blocking              Blocking              Blocking              Forwarding            Blocking
Session #2 Uplink Ports     Blocking              Blocking/Forwarding*  Forwarding            Forwarding            Forwarding
Normal Ports                Forwarding            Forwarding            Forwarding            Forwarding            Forwarding
* The forwarding state for uplink-to-uplink ports is configured by the
  traffic-segmentation uplink-to-uplink command.
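The rules of Table 62 can be checked against a planned port layout with a small model. The following Python is an added example, not code from this manual or the switch vendor; the port labels, the session membership, and the boolean used to stand for the traffic-segmentation uplink-to-uplink setting are assumptions made for illustration.

```python
# Added example: a model of Table 62's rules, not vendor code.
from itertools import permutations

# Constructed sample layout; port labels and membership are illustrative.
SESSIONS = {
    1: {"uplink": {"1/1"}, "downlink": {"1/5", "1/6"}},
    2: {"uplink": {"1/2"}, "downlink": {"1/7"}},
}
ALL_PORTS = ["1/1", "1/2", "1/5", "1/6", "1/7", "1/10"]  # 1/10 is a normal port


def role(port, sessions):
    """Return (session_id, 'uplink' or 'downlink'), or (None, 'normal')."""
    for sid, members in sessions.items():
        for kind in ("uplink", "downlink"):
            if port in members[kind]:
                return sid, kind
    return None, "normal"


def forwards(src, dst, sessions, uplink_to_uplink=False):
    """True when Table 62 gives Forwarding for traffic from src to dst.

    uplink_to_uplink is an assumed boolean standing for the state set by the
    traffic-segmentation uplink-to-uplink command (the * cells in the table).
    """
    s_sid, s_kind = role(src, sessions)
    d_sid, d_kind = role(dst, sessions)
    if s_kind == "normal":
        return True  # Normal Ports row: Forwarding to every destination
    if s_kind == "downlink":
        # Downlinks reach only the uplinks of their own session.
        return d_kind == "uplink" and d_sid == s_sid
    # Source is an uplink port.
    if d_kind == "normal" or d_sid == s_sid:
        return True
    if d_kind == "uplink":
        return uplink_to_uplink  # uplink of a different session
    return False  # downlink of a different session


def one_way_pairs(ports, sessions, uplink_to_uplink=False):
    """Ordered (src, dst) pairs that forward while the reverse is blocked."""
    return [
        (src, dst) for src, dst in permutations(ports, 2)
        if forwards(src, dst, sessions, uplink_to_uplink)
        and not forwards(dst, src, sessions, uplink_to_uplink)
    ]
```

With the sample layout, one_way_pairs returns only the pairs from the normal port to each downlink port, which is the asymmetry between the Normal Ports row and the Normal Ports column of Table 62.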