Chapter 9 | General Security Measures
Port-based Traffic Segmentation
◆ When traffic segmentation is enabled, the forwarding state for the uplink and
downlink ports assigned to different client sessions is shown below.
◆ When traffic segmentation is disabled, all ports operate in normal forwarding
mode based on the settings specified by other functions such as VLANs and
spanning tree protocol.
◆ Enter the traffic-segmentation command without any parameters to enable
traffic segmentation. Then set the interface members for segmented groups
using the traffic-segmentation uplink/downlink command.
◆ Enter no traffic-segmentation to disable traffic segmentation and clear the
configuration settings for segmented groups.
Example
This example enables traffic segmentation globally on the switch.
Console(config)#traffic-segmentation
Console(config)#
traffic-segmentation session
This command creates a traffic-segmentation client session. Use the no form to
remove a client session.
Syntax
[no] traffic-segmentation session session-id
session-id – Traffic segmentation session. (Range: 1-4)
Default Setting
None
Table 67: Traffic Segmentation Forwarding

| Source \ Destination | Session #1 Downlinks | Session #1 Uplinks | Session #2 Downlinks | Session #2 Uplinks | Normal Ports |
|---|---|---|---|---|---|
| Session #1 Downlink Ports | Blocking | Forwarding | Blocking | Blocking | Blocking |
| Session #1 Uplink Ports | Forwarding | Forwarding | Blocking | Blocking/Forwarding* | Forwarding |
| Session #2 Downlink Ports | Blocking | Blocking | Blocking | Forwarding | Blocking |
| Session #2 Uplink Ports | Blocking | Blocking/Forwarding* | Forwarding | Forwarding | Forwarding |
| Normal Ports | Forwarding | Forwarding | Forwarding | Forwarding | Forwarding |

* The forwarding state for uplink-to-uplink ports is configured by the traffic-segmentation uplink-to-uplink command.
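
The rules of Table 67 written as a function, so a planned port layout can be checked for which ports are able to send traffic to each downlink port. This is an added example, not code from the manual; the port names, the `PORTS` plan and the `uplink_to_uplink` parameter (standing in for the state set by the traffic-segmentation uplink-to-uplink command) are assumptions.

```python
from itertools import product

# Constructed port plan (assumption): port name -> (session id or None, role).
PORTS = {
    "eth1/1": (1, "downlink"),
    "eth1/2": (1, "downlink"),
    "eth1/9": (1, "uplink"),
    "eth1/3": (2, "downlink"),
    "eth1/10": (2, "uplink"),
    "eth1/20": (None, "normal"),
}

def forwards(src, dst, uplink_to_uplink=False):
    """Return True if Table 67 gives Forwarding for traffic from src to dst.

    src and dst are (session, role) tuples. uplink_to_uplink is a model
    parameter for the Blocking/Forwarding* cells, not the switch default.
    """
    (s_sess, s_role), (d_sess, d_role) = src, dst
    if s_role == "normal":
        return True                  # normal ports forward to every group
    if s_role == "downlink":
        # downlinks reach only the uplinks of their own session
        return d_role == "uplink" and d_sess == s_sess
    # source is an uplink
    if d_role == "normal" or d_sess == s_sess:
        return True
    if d_role == "uplink":
        return uplink_to_uplink      # other session's uplinks: configurable
    return False                     # other session's downlinks: blocked

def reachable_pairs(ports, uplink_to_uplink=False):
    """All ordered (src, dst) port pairs whose traffic would be forwarded."""
    return {(a, b) for a, b in product(ports, repeat=2)
            if a != b and forwards(ports[a], ports[b], uplink_to_uplink)}

def downlink_exposure(ports, uplink_to_uplink=False):
    """Map each downlink port to the ports allowed to send traffic to it."""
    pairs = reachable_pairs(ports, uplink_to_uplink)
    return {d: sorted(s for s, t in pairs if t == d)
            for d, (_, role) in ports.items() if role == "downlink"}

if __name__ == "__main__":
    for port, senders in downlink_exposure(PORTS).items():
        print(port, "<-", ", ".join(senders))
```

The output makes the asymmetry in the Normal Ports row visible: a port left outside every session can still send to downlink ports, even though downlinks cannot send to it.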