单臂路由+端口隔离（port-isolate ）实验配置案例

端口隔离可实现同一VLAN间的隔离，为用户提供了更安全、更灵活的组网方案。本实验模拟端口隔离的二层隔离与三层隔离

IP地址接口规划表

实验步骤

• 配置各接口和单臂路由，实现网络互通
• 配置二层隔离
• 验证二层隔离效果
• 配置三层隔离
• 验证三层隔离效果

项目实施

一、配置各接口和单臂路由

#R1的配置

[R1]interface GigabitEthernet0/0/1.1
[R1-GigabitEthernet0/0/1.1]
[R1-GigabitEthernet0/0/1.1] dot1q termination vid 10
[R1-GigabitEthernet0/0/1.1]
[R1-GigabitEthernet0/0/1.1] ip address 192.168.10.1 255.255.255.0 
[R1-GigabitEthernet0/0/1.1] arp broadcast enable
Info: This interface has already been configured with ARP broadcast.
#
[R1-GigabitEthernet0/0/1.1]interface GigabitEthernet0/0/1.2
[R1-GigabitEthernet0/0/1.2] dot1q termination vid 20
[R1-GigabitEthernet0/0/1.2] ip address 192.168.20.1 255.255.255.0 
[R1-GigabitEthernet0/0/1.2] arp broadcast enable

#SW1的配置

[SW1]interface Ethernet0/0/1
[SW1-Ethernet0/0/1] port link-type access
[SW1-Ethernet0/0/1] port default vlan 10
#
[SW1-Ethernet0/0/1]interface Ethernet0/0/2
[SW1-Ethernet0/0/2] port link-type access
[SW1-Ethernet0/0/2] port default vlan 10
#
[SW1-Ethernet0/0/2]interface Ethernet0/0/3
[SW1-Ethernet0/0/3] port link-type access
[SW1-Ethernet0/0/3] port default vlan 20
#
[SW1-Ethernet0/0/3]interface GigabitEthernet0/0/1
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20

二、配置二层端口隔离

#端口隔离组的配置

[SW1]interface Ethernet0/0/1
[SW1-Ethernet0/0/1] port-isolate enable group 10
#
[SW1-Ethernet0/0/1]interface Ethernet0/0/2
[SW1-Ethernet0/0/2] port-isolate enable group 10

#端口单向隔离的配置

[SW1-Ethernet0/0/1]am isolate Ethernet0/0/2

二层隔离效果：

三、配置三层隔离

#端口隔离组的配置

[SW1]interface GigabitEthernet0/0/1
[SW1-GigabitEthernet0/0/1]port-isolate enable group 10
[SW1]interface Ethernet0/0/1
[SW1-Ethernet0/0/1]port-isolate enable group 10

#端口单向隔离的配置

[SW1-Ethernet0/0/1] am isolate GigabitEthernet0/0/1

三层隔离效果：

相关参考链接

[1] :https://support.huawei.com/enterprise/zh/doc/EDOC1000141411/c0102a0f

标签：R1,isolate,Ethernet0,GigabitEthernet0,SW1,Hwawei,port,隔离
来源： https://www.cnblogs.com/wm-plengong/p/16198371.html