Summary of security technologies on Huawei devices: ARP and port isolation

Source: Internet
Author: User

Security Technology 4: ARP

ARP (Address Resolution Protocol) is a TCP/IP protocol for obtaining physical addresses. After an ARP request for a node's IP address is broadcast to the network, a response confirming that node's physical address is returned, so that packets can be sent out. RARP (Reverse ARP) is often used on diskless workstations to obtain their logical IP addresses.

Security Technology 5: port isolation

Port isolation is used to isolate packets between ports. The ports could instead be added to different VLANs, but that wastes limited VLAN resources. Port isolation can isolate ports within the same VLAN: you only need to add a port to an isolation group to isolate Layer 2 data between the ports in that group. Port isolation provides users with a safer and more flexible networking solution.

Currently, some devices support only one isolation group (hereinafter referred to as a single isolation group). On these devices the system automatically creates isolation group 1; you cannot delete this isolation group or create other isolation groups. Some devices support multiple isolation groups. The number of isolation groups supported differs from device to device, so check the actual device.

There is no limit on the number of ports that can be added to the isolation group.

The port isolation feature is independent of the VLAN to which a port belongs. For ports in different VLANs, only Layer 2 packets from common ports to uplink ports in the same isolation group can pass, and only in that one direction. In all other cases, Layer 2 data on the ports is isolated from each other. For ports belonging to the same VLAN, Layer 2 data communication between internal and external ports is isolated.

Layer 2 and Layer 3 switches support port isolation through different technologies.

[Tutorial objective]

Implement port isolation on a Layer 2 switch to isolate packets

[Lab Topology]

[Figure: lab topology]

[Lab Configuration]

Vswitch

[Quidway] dis cu
#
sysname Quidway
#
radius scheme system
#
domain system
#
vlan 1
#
interface Aux1/0/0
#
interface Ethernet1/0/1
#
interface Ethernet1/0/2
#
interface Ethernet1/0/3
#
interface Ethernet1/0/4
#
interface Ethernet1/0/5
#
interface Ethernet1/0/6
#
interface Ethernet1/0/7
#
interface Ethernet1/0/8
#
interface Ethernet1/0/9
#
interface Ethernet1/0/10
 port isolate
#
interface Ethernet1/0/11
#
interface Ethernet1/0/12
#
interface Ethernet1/0/13
#
interface Ethernet1/0/14
#
interface Ethernet1/0/15
#
interface Ethernet1/0/16
#
interface Ethernet1/0/17
#
interface Ethernet1/0/18
#
interface Ethernet1/0/19
#
interface Ethernet1/0/20
 port isolate
#
interface Ethernet1/0/21
#
interface Ethernet1/0/22
#
interface Ethernet1/0/23
#
interface Ethernet1/0/24
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
#
return


[Lab Test]

Test 1

[Figure: Test 1 result]

Test 2

Change the port connection

[Figure: Test 2 result]

[Tutorial objective]

Implement port isolation on a Layer 3 switch to isolate packets

[Lab Topology]

[Figure: lab topology]

[Lab Configuration]

<Quidway> dis cu
#
sysname Quidway
#
radius scheme system
 server-type huawei
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain
domain system
 radius-scheme system
 access-limit disable
 state active
 idle-cut disable
domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei
#
am enable
#
vlan 1
#
interface Aux0/0
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet0/4
#
interface Ethernet0/5
#
interface Ethernet0/6
#
interface Ethernet0/7
#
interface Ethernet0/8
#
interface Ethernet0/9
#
interface Ethernet0/10
 am isolate Ethernet0/20
#
interface Ethernet0/11
#
interface Ethernet0/12
#
interface Ethernet0/13
#
interface Ethernet0/14
#
interface Ethernet0/15
#
interface Ethernet0/16
#
interface Ethernet0/17
#
interface Ethernet0/18
#
interface Ethernet0/19
#
interface Ethernet0/20
 am isolate Ethernet0/10
#
interface Ethernet0/21
#
interface Ethernet0/22
#
interface Ethernet0/23
#
interface Ethernet0/24
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
#
return
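To audit dumps like the two lab configurations above, the following added example (not part of the original page or any Huawei tooling) parses a "dis cu" output and reports which interfaces carry "port isolate" and which "am isolate" entries have no matching reverse entry. The function names and the sample text are constructed for illustration, and it assumes each "am isolate" peer is named explicitly, as on this page.

```python
import re

# Constructed sample in the style of the two lab configurations on this page.
SAMPLE = """\
interface Ethernet1/0/10
 port isolate
#
interface Ethernet1/0/11
#
interface Ethernet1/0/20
 port isolate
#
interface Ethernet0/10
 am isolate Ethernet0/20
#
interface Ethernet0/20
 am isolate Ethernet0/10
#
interface Ethernet0/21
 am isolate Ethernet0/22
#
interface Ethernet0/22
#
return
"""

def parse_isolation(config):
    """Return (group_members, am_pairs) parsed from a configuration dump.

    group_members: interfaces carrying 'port isolate' (Layer 2 lab).
    am_pairs: {interface: set of peers named by 'am isolate'} (Layer 3 lab).
    Matching is case-insensitive and blank lines are ignored.
    """
    group, pairs, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"interface\s+(\S+)$", line, re.I)
        if m:
            current = m.group(1)            # entering an interface block
        elif line == "#":
            current = None                  # '#' closes the current block
        elif current and re.fullmatch(r"port\s+isolate", line, re.I):
            group.append(current)
        elif current and (m := re.match(r"am\s+isolate\s+(.+)$", line, re.I)):
            pairs.setdefault(current, set()).update(m.group(1).split())
    return group, pairs

def one_way_pairs(pairs):
    """List (port, peer) entries whose reverse 'am isolate' line is absent."""
    return sorted((a, b) for a, peers in pairs.items()
                  for b in peers if a not in pairs.get(b, set()))
```

Comparing the returned lists against the intended design shows at a glance which access ports were left out of isolation and which "am isolate" lines appear in one direction only.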

[Lab Test]

Test 1

[Figure: Test 1 result]

Test 2

Change the port number of the link

[Figure: Test 2 result]


