D
EFAULT
Disabled globally
No segmented port groups are defined.
C
OMMAND
Global Configuration
C
OMMAND
Traffic segmentation provides port-based security and isolation
◆
between ports within the VLAN. Data traffic on the downlink ports can
only be forwarded to, and from, the designated uplink port(s). Data
cannot pass between downlink ports in the same segmented group, nor
to ports which do not belong to the same group.
Any port can be defined as an uplink port or downlink port, but cannot
◆
be configured to serve both roles.
Traffic segmentation and normal VLANs can exist simultaneously within
◆
the same switch. Traffic may pass freely between uplink ports in
segmented groups and ports in normal VLANs.
Enter the traffic-segmentation command without any parameters to
◆
enable traffic segmentation. Then set the interface members for
segmented groups.
Enter no traffic-segmentation to disable traffic segmentation and
◆
clear the configuration settings for segmented groups.
E
XAMPLE
This example enables traffic segmentation, and then sets port 12 as the
uplink and ports 5-8 as downlinks.
Console(config)#traffic-segmentation
Console(config)#traffic-segmentation uplink ethernet 1/12
downlink ethernet 1/5-8
Console(config)#
This command displays the configured traffic segments.
show traffic-
segmentation
C
OMMAND
Privileged Exec
E
XAMPLE
Console#show traffic-segmentation
Private VLAN status: Disabled
Up-link Port:
Ethernet 1/12
Down-link Port:
Ethernet 1/5
Ethernet 1/6
Ethernet 1/7
S
ETTING
M
ODE
U
SAGE
M
ODE
– 841 –
| VLAN Commands
C
33
HAPTER
Configuring Port-based Traffic Segmentation