端口隔离在华为等其他交换机中理解是:同个vlan中的各个端口都不能相互访问
在summit200可以通过配置ACL实现
比如:
# Access-mask Configuration
create access-mask per-to-cpu dest-ip / 32 precedence 1500
create access-mask denyall port precedence 4000
create access-mask per-udp67 ip-protocol dest-L4port port precedence 3000
create access-mask per-arp ethertype port precedence 2000
create access-mask ff egress-port port precedence 1000
#
# Access-list Configuration
create access-list test5 access-mask per-to-cpu dest-ip 202.192.208.222 / 32 permit
create access-list test4 access-mask denyall port 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26 deny
create access-list test3 access-mask per-udp67 ip-protocol 17 dest-L4port 67 permit
create access-list te st2 access-mask per-arp ethertype 0x806 permit
create access-list test1 access-mask ff egress-port 1 port 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26 permit
#
