When configuring VLANs, first assign VLANs. Then carry out the other VLAN configuration tasks according to your business requirements.
Configuration Task |
Description |
|---|---|
Assign VLANs to isolate hosts that do not need to communicate with each other, which improves network security, reduces broadcast traffic, and mitigates broadcast storms. Select a VLAN assignment mode based on your specific needs. |
|
After VLANs are assigned, users in different VLANs cannot directly communicate with each other. If users in different VLANs need to communicate with each other, configure VLANIF interfaces to implement inter-VLAN Layer 3 communication. |
|
Configure port isolation to implement intra-VLAN Layer 2 isolation |
After VLANs are assigned, users in the same VLAN can directly communicate with each other. If some users in the same VLAN need to be isolated, configure port isolation to implement intra-VLAN Layer 2 isolation. NOTE:
You can also implement intra-VLAN Layer 2 isolation by configuring MQC-based traffic policies and simplified traffic policies. For details, see MQC Configuration and ACL-based Simplified Traffic Policy Configuration in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - QoS. |
To use the NMS to centrally manage devices, configure a VLAN as the management VLAN after assigning VLANs. |
|
Configure transparent transmission of protocol packets in a VLAN |
Configure protocol packet transparent transmission in a VLAN so that the switch sends only protocol packets in a specified VLAN to the CPU. This improves the forwarding efficiency. |