现在位置: 首页 / H3C / 华三 / 正文

H3C端口隔离实验

  • 网工路上的绊脚石
  • H3C
  • 2023-08-18
  • 296热度
  • 0评论

 

目录

准备阶段

技术背景

VLAN虽然可以实现报文之间的二层隔离,但只通过VLAN实现报文二层隔离,会浪费有限的VLAN资源。所以端口隔离用于在VLAN内隔离以太网端口.

组网需求

一台交换机模拟接入设备,为了隔离不同接口业务同时节省VLAN资源使用端口隔离功能,将接口GE1/0/1~GE1/0/2模拟为某公司A部门,将接口GE1/0/3模拟为某公司B部门,两部门之间二层隔离。

实验拓扑

配置流程

配置IP地址

每台PC依次设置IP地址为192.168.0.X X随设备编号而改变。

配置隔离族之前连通性测试:

### PC4
<H3C>ping 192.168.0.5
Ping 192.168.0.5 (192.168.0.5): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.0.5: icmp_seq=0 ttl=255 time=6.017 ms
56 bytes from 192.168.0.5: icmp_seq=1 ttl=255 time=2.123 ms
56 bytes from 192.168.0.5: icmp_seq=2 ttl=255 time=3.106 ms
56 bytes from 192.168.0.5: icmp_seq=3 ttl=255 time=3.165 ms
56 bytes from 192.168.0.5: icmp_seq=4 ttl=255 time=3.379 ms
--- Ping statistics for 192.168.0.5 ---

<H3C>ping 192.168.0.6
Ping 192.168.0.6 (192.168.0.6): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.0.6: icmp_seq=0 ttl=255 time=7.959 ms
56 bytes from 192.168.0.6: icmp_seq=1 ttl=255 time=2.778 ms
56 bytes from 192.168.0.6: icmp_seq=2 ttl=255 time=3.883 ms
56 bytes from 192.168.0.6: icmp_seq=3 ttl=255 time=3.515 ms
56 bytes from 192.168.0.6: icmp_seq=4 ttl=255 time=2.515 ms
--- Ping statistics for 192.168.0.6 ---

端口隔离配置:

SW3

<H3C>system-view 
[H3C]hostname SW3
# 创建VLAN 10 将GigabitEthernet 1/0/1 ~ GigabitEthernet 1/0/3 加入到该VLAN下
[SW3]vlan 10
[SW3-vlan10]port g1/0/1 to g1/0/3
[SW3-vlan10]quit

# 创建聚合组并将GigabitEthernet 1/0/1、GigabitEthernet 1/0/2 加入到聚合组1
# GigabitEthernet 1/0/3 加入到聚合组2.
[SW3]port-isolate group  1
[SW3]port-isolate group  2
[SW3]int ran g1/0/1 t g1/0/2
[SW3-if-range]port-isolate enable  group  1
[SW3-if-range]int g1/0/3
[SW3-GigabitEthernet1/0/3]port-isolate enable  group  2
[SW3-GigabitEthernet1/0/3]quit

测试:

PC4:

通往PC5:

<H3C>ping 192.168.0.5
Ping 192.168.0.5 (192.168.0.5): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
--- Ping statistics for 192.168.0.5 ---

通往PC6:

<H3C>ping 192.168.0.6
Ping 192.168.0.6 (192.168.0.6): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.0.6: icmp_seq=0 ttl=255 time=3.143 ms
56 bytes from 192.168.0.6: icmp_seq=1 ttl=255 time=3.518 ms
56 bytes from 192.168.0.6: icmp_seq=2 ttl=255 time=2.629 ms
56 bytes from 192.168.0.6: icmp_seq=3 ttl=255 time=3.683 ms
56 bytes from 192.168.0.6: icmp_seq=4 ttl=255 time=5.117 ms
--- Ping statistics for 192.168.0.6 ---

补充说明:

如果您使用的是模拟器,但是华三模拟器(HCL 截止目前V5.9及以下版本)的BUG问题,正常情况下可能不能实现该效果。这里用华为模拟器进行演示,命令大同小异。

华为端口隔离配置演示