133
For more information about the promiscuous and host mode commands, see Layer 2—LAN
Switching Command Reference.
Configuration restrictions and guidelines
• To enable users in the isolate-user-VLAN to communicate with other networks at Layer 3, Configure
VLAN interfaces for the isolate-user-VLAN and the secondary VLANs, and configure the gateway IP
address for the isolate-user-VLAN interface (you do not need to configure IP addresses for the
secondary VLAN interfaces).
• You cannot configure the member port of a service loopback group as the uplink or downlink port of
an isolate-user-VLAN. For more information about the service loopback group, see "Configuring
service loopback groups."
Configuration procedure
To configure an isolate-user-VLAN:
Step
Command Remarks
1. Enter system view.
system-view N/A
2. Create a VLAN and enter
VLAN view.
vlan vlan-id N/A
3. Configure the VLAN as
an isolate-user-VLAN.
isolate-user-vlan enable Not configured by default.
4. Return to system view.
quit N/A
5. Create secondary VLANs.
vlan { vlan-id1 [ to vlan-id2 ] | all } N/A
6. Configure Layer 2
isolation between ports in
the same secondary
VLAN.
isolated-vlan enable
Optional.
By default, ports in the same
secondary VLAN can
communicate with one another at
Layer 2.
This configuration takes effect only
after you configure all ports in the
same secondary VLAN to operate
in host mode and associate the
secondary VLANs with an isolate-
user-VLAN.
7. Return to system view.
quit N/A
8. Associate the isolate-user-
VLAN with the specified
secondary VLANs.
isolate-user-vlan isolate-user-vlan-id
secondary secondary-vlan-id [ to
secondary-vlan-id ]
Not configured by default.
To Next Page
Loading...
