The
analysis of actual cases CISCO2951-V/K9
A company, because the service requirements, in order to guarantee the high availability of server, the server
uses the NLB cluster technology. Everything isa good thing, because the NLB cluster in the actual environment generally uses the multicast technology, the switch node the
same exit are received
a large number of broadcast, network delay is smaller (such as Internet phone,short message service) users of the network performance will be greatly affected by.
In the face
of this situation, we first thought was to subnet or designated
asVLAN, subnet division after the problem still exists, this time is generally onlyconsider the partition of VLAN, because the IDC server nodes on theequipment with virtually no division of VLAN, because the server's uplink switchis the users themselves, and in
the IDC switch designated VLAN, the switch
configuration VLAN server when needed
for Trunk, not on
the equipment andcommunications, computer network topology due to user environment they are not familiar with, so there is no way to divide the VLAN. Is this
situation can'tsolve?
The answer
is yes, that is the port isolation technology.
Overview of port isolation technology
Port
isolation technology is to implement a client port of sufficient isolation to ensure that a client
will not receive another client traffic technology. Through the port isolation technology, users can be controlled port into
a separategroup, through the port isolation characteristics, the user can will need tocontrol the port into a separate group, the realization of the two layer dataisolation between isolation group in the port, the use of isolation technologyafter the
isolation between ports unicast, broadcast and multicast is not, the virus does not spread in isolation between computers, increase of networksecurity, improve the network performance
The actual application environment
Well, let's take a port
isolation application (H3C switches to S2126-ei as an example)
Cause: a user often send a large number of foreign radio network performance, resulting in serious decline
Prescription: Port Isolation Technology
The three
server is divided into 3 real users, are respectively connected switch
Sys
System View: return to User View with Ctrl+Z.
[H3C]interface Ethernet 1/0/1
[H3C-Ethernet1/0/1]port isolate / / set the port for the isolated port
[H3C-Ethernet1/0/1]quit
[H3C] interface Ethernet 1/0/2
[H3C-Ethernet1/0/2]port isolate / / set the port for the isolated port
[H3C-Ethernet1/0/2]quit
[H3C] interface Ethernet 1/0/3
[H3C-Ethernet1/0/3]port isolate / / set the port for the isolated port
[H3C-Ethernet1/0/3]quit
[H3C]save /
/ save configuration
[H3C]display isolate port / / query port isolate group in the port
[H3C-Ethernet1/0/X]undo port isolate
/ / delete isolated port of the port of
Note: the port isolation is different from VLAN
Other manufacturers brand switch port isolation technology application
HUAWEI
[Quidway]interface Ethernet1/0/1
[Quidway-Ethernet1/0/1] port-isolate enable / / open the port isolation function
CISCO
Switch (config) # interface
port number
Switch (config-if) # switchitchport protected / / open port protection function
Note: Cisco individual model switch using PVLAN port to achieve protection function
D-link
Config traffic_segmentation forward_list [null |] []
Note: said to
specify which ports as isolated port, C2901-VSEC/K9 parameter null indicates nouplink port, parameter represents the uplink port
没有评论:
发表评论