端口隔离-三层隔离_端口三层隔离

三层隔离与二层隔离区别

1、模式不同

系统视图:port-isolate mode l2 //二层隔离、三层互通(缺省模式)

系统视图:port-isolate mode all //二层、三层都隔离

2、结果

分别实现二层隔离和三层隔离:l2 模式下,同一隔离组内的端口二层不通,但仍可经三层(网关)互访;all 模式下,二层、三层都不通。

配置(其中 local-user admin password simple admin 是明文保存的弱口令,idle-timeout 0 0 表示控制台永不超时,这两项不要照搬到生产设备)

[sw1]display current-configuration  

#

sysname sw1

#

vlan batch 10 20

#

cluster enable

ntdp enable

ndp enable

#

port-isolate mode all

#

drop illegal-mac alarm

#

dhcp enable

#

diffserv domain default

#

drop-profile default

#

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

#

interface Vlanif1

#

interface Vlanif10

ip address 10.1.1.1 255.255.255.0

dhcp select interface

dhcp server excluded-ip-address 10.1.1.2 10.1.1.50

dhcp server lease day 10 hour 0 minute 0

dhcp server dns-list 8.8.8.8

#

interface Vlanif20

ip address 20.1.1.1 255.255.255.0

#

interface MEth0/0/1

#

interface GigabitEthernet0/0/1

port link-type access

port default vlan 20

#

interface GigabitEthernet0/0/2

port link-type access

port default vlan 10

port-isolate enable group 10

#

interface GigabitEthernet0/0/3

port link-type access

port default vlan 10

port-isolate enable group 10

#

interface GigabitEthernet0/0/4

#

interface GigabitEthernet0/0/5

#

interface GigabitEthernet0/0/6

#

interface GigabitEthernet0/0/7

#

interface GigabitEthernet0/0/8

#

interface GigabitEthernet0/0/9

#

interface GigabitEthernet0/0/10

#

interface GigabitEthernet0/0/11

#

interface GigabitEthernet0/0/12

#

interface GigabitEthernet0/0/13

#

interface GigabitEthernet0/0/14

#

interface GigabitEthernet0/0/15

#

interface GigabitEthernet0/0/16

#

interface GigabitEthernet0/0/17

#

interface GigabitEthernet0/0/18

#

interface GigabitEthernet0/0/19

#

interface GigabitEthernet0/0/20

#

interface GigabitEthernet0/0/21

#

interface GigabitEthernet0/0/22

#

interface GigabitEthernet0/0/23

#

interface GigabitEthernet0/0/24

#

interface NULL0

#

ip route-static 0.0.0.0 0.0.0.0 20.1.1.2

#

user-interface con 0

idle-timeout 0 0

user-interface vty 0 4

#

return

[sw1]

注意

vlan视图

arp-proxy inner-sub-vlan-proxy enable //二层隔离(mode l2)后,还能通过此命令开启 VLAN 内 Proxy ARP,实现被隔离端口之间的通信;开启后端口隔离的效果被抵消,只在确实需要互访时使用