Chapter 24 | General Security Measures
Port-based Traffic Segmentation
– 939 –
◆ Traffic segmentation and normal VLANs can exist simultaneously within the same switch. Traffic may pass freely between uplink ports in segmented groups and ports in normal VLANs.
◆ When traffic segmentation is enabled, the forwarding state for the uplink and downlink ports assigned to different client sessions is shown below.
◆ When traffic segmentation is disabled, all ports operate in normal forwarding mode based on the settings specified by other functions such as VLANs and spanning tree protocol.
◆ Enter the traffic-segmentation command without any parameters to enable traffic segmentation. Then set the interface members for segmented groups using the traffic-segmentation uplink/downlink command.
◆ Enter no traffic-segmentation to disable traffic segmentation and clear the configuration settings for segmented groups.
EXAMPLE
This example enables traffic segmentation globally on the switch.
Console(config)#traffic-segmentation
Console(config)#
traffic-segmentation session
This command creates a traffic-segmentation client session. Use the no form to remove a client session.
SYNTAX
[no] pvlan session session-id
session-id – Traffic segmentation session. (Range: 1-4)
Table 99: Traffic Segmentation Forwarding

Source \ Destination       Session #1   Session #1   Session #2   Session #2   Normal
                           Downlinks    Uplinks      Downlinks    Uplinks      Ports
Session #1 Downlink Ports  Blocking     Forwarding   Blocking     Blocking     Blocking
Session #1 Uplink Ports    Forwarding   Forwarding   Blocking     Blocking/    Forwarding
                                                                  Forwarding*
Session #2 Downlink Ports  Blocking     Blocking     Blocking     Forwarding   Blocking
Session #2 Uplink Ports    Blocking     Blocking/    Forwarding   Forwarding   Forwarding
                                        Forwarding*
Normal Ports               Forwarding   Forwarding   Forwarding   Forwarding   Forwarding

* The forwarding state for uplink-to-uplink ports is configured by the
  traffic-segmentation uplink-to-uplink command.
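The forwarding rules of Table 99, written out as an added Python model (not the switch firmware or any vendor tool) so that a port assignment can be audited before it is applied: which ports each downlink, uplink and normal port can actually reach, with the uplink-to-uplink setting as a parameter. Port names such as eth1/1 are constructed examples.

```python
from dataclasses import dataclass
from itertools import product
from typing import Optional

# Constructed model of Table 99 (traffic segmentation forwarding).
# Port names like "eth1/1" are assumed examples, not taken from the manual.

@dataclass(frozen=True)
class Port:
    name: str
    role: str                       # "downlink", "uplink" or "normal"
    session: Optional[int] = None   # session-id 1-4 for segmented ports, None for normal

    def __post_init__(self):
        if self.role not in ("downlink", "uplink", "normal"):
            raise ValueError(f"unknown role {self.role!r}")
        if self.role != "normal" and self.session not in range(1, 5):
            raise ValueError("session-id must be in range 1-4 for segmented ports")

def forwards(src: Port, dst: Port, uplink_to_uplink: str = "blocking") -> bool:
    """True if a frame received on src may be forwarded out dst (Table 99).

    uplink_to_uplink models the traffic-segmentation uplink-to-uplink
    setting that decides the asterisked cells (uplinks of different sessions).
    """
    if src.role == "normal":            # normal ports forward to every port
        return True
    if src.role == "downlink":          # downlinks reach only their own session's uplinks
        return dst.role == "uplink" and dst.session == src.session
    # src is an uplink port
    if dst.role == "normal" or dst.session == src.session:
        return True
    if dst.role == "uplink":            # uplink of another session: configurable
        return uplink_to_uplink == "forwarding"
    return False                        # downlink of another session

def reachable_from(src: Port, ports, uplink_to_uplink: str = "blocking") -> list:
    """Sorted names of the other ports src can send to under this configuration."""
    return sorted(p.name for p in ports if p != src and forwards(src, p, uplink_to_uplink))

def forwarding_matrix(ports, uplink_to_uplink: str = "blocking") -> dict:
    """Full (source, destination) -> forwarding map, for auditing a port assignment."""
    return {(s.name, d.name): forwards(s, d, uplink_to_uplink)
            for s, d in product(ports, repeat=2) if s != d}

if __name__ == "__main__":
    ports = [Port("eth1/1", "downlink", 1), Port("eth1/2", "downlink", 1),
             Port("eth1/3", "uplink", 1), Port("eth1/4", "downlink", 2),
             Port("eth1/5", "uplink", 2), Port("eth1/6", "normal")]
    for p in ports:
        print(f"{p.name:8} -> {reachable_from(p, ports)}")
```

Note the asymmetry the table encodes: a normal port can send to a downlink, but a downlink cannot send to a normal port, so isolation holds only in the downlink-to-normal direction.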