
Intra-VLAN Layer 2 Isolation

You can implement Layer 2 isolation between users by adding them to different VLANs. A VLAN has to be allocated to every user who is not allowed to communicate with the others. In an enterprise with many users, this isolation method consumes a large number of VLANs and makes configuration more complex, which increases the network administrator's maintenance workload.

Huawei provides intra-VLAN Layer 2 isolation technologies including port isolation, Multiplex VLAN (MUX VLAN), and Modular QoS Command-Line Interface (MQC).

Port Isolation

Port isolation isolates interfaces in the same VLAN. Adding interfaces to a port isolation group disables Layer 2 packet transmission between those interfaces. Interfaces in different port isolation groups, or not in any port isolation group, can exchange packets with each other normally. Interfaces can also be isolated unidirectionally, creating a more secure and flexible network.
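The group and unidirectional rules above can be checked against a configuration before it is deployed. The following Python audit script is an added example, not Huawei code: it assumes all listed interfaces are in the same VLAN, that the configuration uses the S-series `port-isolate enable [group N]` and `am isolate` commands (not shown on this page) with interface names written without spaces, and it runs on a constructed sample configuration.

```python
import re
from itertools import permutations

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
 port-isolate enable group 1
interface GigabitEthernet0/0/2
 port-isolate enable group 1
interface GigabitEthernet0/0/3
 port-isolate enable group 2
interface GigabitEthernet0/0/4
 am isolate GigabitEthernet0/0/3
interface GigabitEthernet0/0/5
"""

def parse(config):
    """Return {interface: {"group": int or None, "am": set of interfaces}}."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), {"group": None, "am": set()})
        elif current is None:
            continue  # ignore lines outside an interface view
        elif m := re.fullmatch(r"port-isolate enable(?: group (\d+))?", line):
            current["group"] = int(m.group(1) or 1)  # group 1 when omitted
        elif m := re.fullmatch(r"am isolate (.+)", line):
            current["am"].update(m.group(1).split())
    return ports

def can_send(ports, src, dst):
    """True if Layer 2 frames from src may be forwarded to dst."""
    s, d = ports[src], ports[dst]
    if s["group"] is not None and s["group"] == d["group"]:
        return False  # same isolation group: blocked in both directions
    if dst in s["am"]:
        return False  # unidirectional: only src -> dst is blocked
    return True

def blocked_pairs(ports):
    """All ordered (src, dst) pairs that the configuration isolates."""
    return [(a, b) for a, b in permutations(ports, 2) if not can_send(ports, a, b)]

if __name__ == "__main__":
    for src, dst in blocked_pairs(parse(SAMPLE_CONFIG)):
        print(f"{src} -> {dst}: blocked")
```

Any pair that is expected to be isolated but is missing from the output, such as an interface left out of its group, is a gap in the isolation policy.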

MUX VLAN

Multiplex VLAN (MUX VLAN) controls network resources using VLANs. It can implement inter-VLAN communication and intra-VLAN isolation.

For example, by deploying MUX VLAN, an enterprise can allow employees to communicate with each other, but isolate customers from each other. At the same time, both employees and customers can access enterprise servers.

For details about the MUX VLAN feature, see MUX VLAN Configuration.

Traffic Policies

A traffic policy is configured by binding traffic classifiers to traffic behaviors. You can define traffic classifiers on a switch to match packets with certain characteristics and associate the traffic classifiers with the permit or deny behavior in a traffic policy. The switch then permits or denies packets matching the traffic classifiers, implementing intra-VLAN unidirectional or bidirectional isolation.

The switch supports intra-VLAN Layer 2 isolation based on MQC and ACL-based simplified traffic policies. For details about MQC and ACL-based simplified traffic policies, see MQC Configuration and ACL-based Simplified Traffic Policy Configuration in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - QoS.

Copyright © Huawei Technologies Co., Ltd.