Chapter 9 | General Security Measures
Port-based Traffic Segmentation
◆ Traffic segmentation and normal VLANs can exist simultaneously within the same switch. Traffic may pass freely between uplink ports in segmented groups and ports in normal VLANs.
◆ When traffic segmentation is enabled, the forwarding state for the uplink and downlink ports assigned to different client sessions is shown below.
◆ When traffic segmentation is disabled, all ports operate in normal forwarding mode based on the settings specified by other functions such as VLANs and spanning tree protocol.
◆ Enter the traffic-segmentation command without any parameters to enable traffic segmentation. Then set the interface members for segmented groups using the traffic-segmentation uplink/downlink command.
◆ Enter no traffic-segmentation to disable traffic segmentation and clear the configuration settings for segmented groups.
Example
This example enables traffic segmentation globally on the switch.
Console(config)#traffic-segmentation
Console(config)#
traffic-segmentation session
This command creates a traffic-segmentation client session. Use the no form to remove a client session.
Syntax
[no] traffic-segmentation session session-id
session-id – Traffic segmentation session. (Range: 1-4)
Table 62: Traffic Segmentation Forwarding

Source                      Destination
                            Session #1 Downlinks  Session #1 Uplinks    Session #2 Downlinks  Session #2 Uplinks    Normal Ports
Session #1 Downlink Ports   Blocking              Forwarding            Blocking              Blocking              Blocking
Session #1 Uplink Ports     Forwarding            Forwarding            Blocking              Blocking/Forwarding*  Forwarding
Session #2 Downlink Ports   Blocking              Blocking              Blocking              Forwarding            Blocking
Session #2 Uplink Ports     Blocking              Blocking/Forwarding*  Forwarding            Forwarding            Forwarding
Normal Ports                Forwarding            Forwarding            Forwarding            Forwarding            Forwarding

* The forwarding state for uplink-to-uplink ports is configured by the traffic-segmentation uplink-to-uplink command.
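
The forwarding rules of Table 62 can be checked against a planned port layout before it is applied. The following Python sketch is an added example, not part of the manual or the switch software: it encodes the table as rules and lists every path into a downlink port, separating two-way paths from one-way ones. The port names, the PORTS plan and the uplink_to_uplink flag (standing in for the state set by the traffic-segmentation uplink-to-uplink command) are assumptions made for illustration.

```python
from itertools import permutations

# Constructed port plan (assumption): port name -> (session id or None, role).
PORTS = {
    "eth1/1": (1, "downlink"), "eth1/2": (1, "downlink"),
    "eth1/9": (1, "uplink"),
    "eth1/3": (2, "downlink"), "eth1/10": (2, "uplink"),
    "eth1/20": (None, "normal"),
}

def forwards(src, dst, uplink_to_uplink=False):
    """Return True if Table 62 marks src -> dst as Forwarding."""
    s_sess, s_role = src
    d_sess, d_role = dst
    if s_role == "normal":
        return True                      # normal ports forward to every port
    if s_role == "downlink":
        # downlinks reach only the uplinks of their own session
        return d_role == "uplink" and d_sess == s_sess
    # src is an uplink from here on
    if d_role == "normal" or d_sess == s_sess:
        return True
    if d_role == "uplink":
        return uplink_to_uplink          # the Blocking/Forwarding* cells
    return False                         # downlinks of another session

def audit(ports, uplink_to_uplink=False):
    """Return (two_way, one_way_in): ordered pairs (a, b) where b is a
    downlink and a -> b forwards, split by whether b -> a also forwards."""
    two_way, one_way_in = set(), set()
    for a, b in permutations(ports, 2):
        if ports[b][1] != "downlink":
            continue
        if not forwards(ports[a], ports[b], uplink_to_uplink):
            continue
        if forwards(ports[b], ports[a], uplink_to_uplink):
            two_way.add((a, b))
        else:
            one_way_in.add((a, b))
    return two_way, one_way_in

if __name__ == "__main__":
    both, inbound_only = audit(PORTS)
    print("two-way paths into downlinks:", sorted(both))
    print("one-way paths into downlinks:", sorted(inbound_only))
```

For the constructed plan, the one-way set contains the normal port toward each downlink: Table 62 marks normal-to-downlink as Forwarding while the return direction is Blocking, so downlink isolation does not stop frames arriving from normal ports.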