141
{ Configure the downlink ports, for example, the ports connecting Device B to hosts in Figure 45,
to operate in host mode, so that the downlink ports can be added to the isolate-user-VLAN
associated with the secondary VLAN automatically.
For more information about the promiscuous and host mode commands, see Layer 2—LAN
Switching Command Reference.
Configuration restrictions and guidelines
• To enable users in the isolate-user-VLAN to communicate with other networks at Layer 3, follow
these steps:
a. Configure VLAN interfaces for the isolate-user-VLAN and the secondary VLANs, and configure
the gateway IP address for the isolate-user-VLAN interface (you do not need to configure IP
addresses for the secondary VLAN interfaces).
b. You must configure the isolated-vlan enable command for at least one secondary VLAN to
isolate the ports in the secondary VLAN.
• The dynamic MAC addresses entries learned in the isolate-user-VLAN are automatically
synchronized to all the secondary VLANs, and the dynamic MAC address entries learned in a
secondary VLAN are automatically synchronized to the isolate-user-VLAN. Static MAC address
entries cannot be automatically synchronized. If you have configured static MAC address entries in
the isolate-user-VLAN, you should also configure the same static MAC address entries in the
secondary VLANs to avoid broadcasts, and vice versa.
Configuration procedure
To configure an isolate-user-VLAN:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a VLAN and enter
VLAN view.
vlan vlan-id N/A
3. Configure the VLAN as an
isolate-user-VLAN.
isolate-user-vlan enable Not configured by default.
4. Return to system view.
quit N/A
5. Create secondary VLANs.
vlan { vlan-id1 [ to vlan-id2 ] | all }
N/A
6. Configure Layer 2 isolation
between ports in the same
secondary VLAN.
isolated-vlan enable
Optional.
By default, ports in the same
secondary VLAN can
communicate with one another at
Layer 2.
This configuration takes effect only
after you configure all ports in the
same secondary VLAN to operate
in host mode and associate the
secondary VLANs with an
isolate-user-VLAN.
7. Return to system view.
quit N/A
To Next Page
Loading...
Need help?
General