Chapter 8 | General Security Measures
Port-based Traffic Segmentation
traffic-segmentation
This command enables traffic segmentation globally, or configures the uplink and
downlink ports for a segmented group of ports. Use the no form to disable traffic
segmentation globally.
Syntax
[no] traffic-segmentation [uplink interface-list downlink interface-list]
uplink – Specifies an uplink interface.
downlink – Specifies a downlink interface.
interface-list – One or more ports. Use a hyphen to indicate a consecutive
list of ports or a comma between non-consecutive ports.
Default Setting
Disabled globally
No segmented port groups are defined.
Command Mode
Global Configuration
Command Usage
◆ Traffic segmentation provides port-based security and isolation between ports
within the VLAN. Data traffic on the downlink ports can only be forwarded to,
and from, the designated uplink port(s). Data cannot pass between downlink
ports in the same segmented group, nor to ports which do not belong to the
same group.
◆ Any port can be defined as an uplink port or downlink port, but cannot be
configured to serve both roles.
◆ Traffic segmentation and normal VLANs can exist simultaneously within the
same switch. Traffic may pass freely between uplink ports in segmented groups
and ports in normal VLANs.
◆ Enter the traffic-segmentation command without any parameters to enable
traffic segmentation. Then set the interface members for segmented groups.
◆ Enter no traffic-segmentation to disable traffic segmentation and clear the
configuration settings for segmented groups.
Example
This example enables traffic segmentation, and then sets port 12 as the uplink and
ports 5-8 as downlinks.
Console(config)#traffic-segmentation
Console(config)#traffic-segmentation uplink ethernet 1/12 downlink ethernet 1/5-8
Console(config)#
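
The forwarding rules listed under Command Usage can be modelled to check a planned port layout before it is applied. The following Python sketch is an added example, not code from the switch or its vendor; the function and class names, the single-group model, and the assumption that every comma-separated item carries its own unit prefix (as in 1/5,1/7-8) are illustrative.

```python
# Added illustration of the Command Usage rules; names are hypothetical and
# this is a model for auditing a port plan, not switch firmware.

def parse_interface_list(spec):
    """Expand '1/5-8' or '1/5,1/7-8' into a set of (unit, port) tuples.
    Assumption: every comma-separated item carries its own unit prefix."""
    ports = set()
    for item in spec.split(","):
        unit, _, span = item.strip().partition("/")
        first, _, last = span.partition("-")
        lo, hi = int(first), int(last or first)
        if lo > hi:
            raise ValueError("descending range in %r" % item)
        ports.update((int(unit), p) for p in range(lo, hi + 1))
    return ports

class SegmentedGroup:
    """One segmented group: uplink and downlink port sets."""
    def __init__(self, uplink, downlink):
        self.uplinks = parse_interface_list(uplink)
        self.downlinks = parse_interface_list(downlink)
        both = self.uplinks & self.downlinks
        if both:  # a port cannot serve both roles
            raise ValueError("port(s) in both roles: %s" % sorted(both))

    def may_forward(self, src, dst):
        """True if data from port src may be forwarded to port dst."""
        if src in self.downlinks:      # downlink -> only to its uplink(s)
            return dst in self.uplinks
        if dst in self.downlinks:      # only an uplink may reach a downlink
            return src in self.uplinks
        return True                    # uplinks and normal ports pass freely

    def violations(self, flows):
        """Return the (src, dst) pairs the segmentation rules forbid."""
        return [f for f in flows if not self.may_forward(*f)]

if __name__ == "__main__":
    group = SegmentedGroup("1/12", "1/5-8")   # values from the manual's example
    # Constructed sample flows, e.g. taken from a planned connectivity matrix.
    flows = [((1, 5), (1, 12)), ((1, 5), (1, 6)), ((1, 8), (1, 20)),
             ((1, 12), (1, 20))]
    for src, dst in group.violations(flows):
        print("blocked by segmentation: %s -> %s" % (src, dst))
```

Any pair reported by violations() is traffic the segmented group would drop, so a required flow appearing there means the port roles need to be revised before the configuration is applied.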