Chapter 8 | General Security Measures
Port-based Traffic Segmentation

◆ Traffic segmentation and normal VLANs can exist simultaneously within the same switch. Traffic may pass freely between uplink ports in segmented groups and ports in normal VLANs.

◆ When traffic segmentation is enabled, the forwarding state for the uplink and downlink ports assigned to different client sessions is shown below.

Table 60: Traffic Segmentation Forwarding

| Source \ Destination | Session #1 Downlinks | Session #1 Uplinks | Session #2 Downlinks | Session #2 Uplinks | Normal Ports |
|---|---|---|---|---|---|
| Session #1 Downlink Ports | Blocking | Forwarding | Blocking | Blocking | Blocking |
| Session #1 Uplink Ports | Forwarding | Forwarding | Blocking | Blocking/Forwarding* | Forwarding |
| Session #2 Downlink Ports | Blocking | Blocking | Blocking | Forwarding | Blocking |
| Session #2 Uplink Ports | Blocking | Blocking/Forwarding* | Forwarding | Forwarding | Forwarding |
| Normal Ports | Forwarding | Forwarding | Forwarding | Forwarding | Forwarding |

* The forwarding state for uplink-to-uplink ports is configured by the traffic-segmentation uplink-to-uplink command.

◆ When traffic segmentation is disabled, all ports operate in normal forwarding mode based on the settings specified by other functions such as VLANs and spanning tree protocol.

◆ Enter the traffic-segmentation command without any parameters to enable traffic segmentation. Then set the interface members for segmented groups using the traffic-segmentation uplink/downlink command.

◆ Enter no traffic-segmentation to disable traffic segmentation and clear the configuration settings for segmented groups.

EXAMPLE

This example enables traffic segmentation globally on the switch.

Console(config)#traffic-segmentation
Console(config)#

traffic-segmentation session

This command creates a traffic-segmentation client session. Use the no form to remove a client session.

SYNTAX

[no] traffic-segmentation session session-id

session-id – Traffic segmentation session. (Range: 1-4)
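The forwarding rules of Table 60 can be modelled to audit a planned port assignment before it is applied. This is an added example, not code from the manual or the switch vendor. It assumes the two-session rules in the table hold for any pair of sessions in the 1-4 range, and the port names and sample assignment are constructed.

```python
# Model of Table 60's forwarding rules (added example, not vendor code).
from itertools import permutations

NORMAL = ("normal", None)  # a port outside every segmented session

def forwards(src, dst, *, uplink_to_uplink):
    """True if a frame from src to dst is forwarded per Table 60.

    src and dst are (role, session) tuples such as ("uplink", 1) or NORMAL.
    uplink_to_uplink models the traffic-segmentation uplink-to-uplink
    setting, which decides the cells marked '*' (uplinks of different sessions).
    """
    (s_role, s_sess), (d_role, d_sess) = src, dst
    if s_role == "normal":
        return True                       # Normal Ports row: all Forwarding
    if s_role == "downlink":
        # A downlink reaches only the uplinks of its own session.
        return d_role == "uplink" and d_sess == s_sess
    # Source is an uplink from here on.
    if d_role == "normal" or d_sess == s_sess:
        return True                       # normal ports and its own session
    return d_role == "uplink" and uplink_to_uplink

def reachable_from(port, ports, *, uplink_to_uplink):
    """Sorted list of ports that `port` can send frames to."""
    return sorted(p for p in ports if p != port and
                  forwards(ports[port], ports[p], uplink_to_uplink=uplink_to_uplink))

def one_way_paths(ports, *, uplink_to_uplink):
    """(src, dst) pairs forwarded in one direction but blocked in reverse."""
    u = uplink_to_uplink
    return sorted((a, b) for a, b in permutations(ports, 2)
                  if forwards(ports[a], ports[b], uplink_to_uplink=u)
                  and not forwards(ports[b], ports[a], uplink_to_uplink=u))

# Constructed sample assignment; the port names are illustrative only.
SAMPLE = {
    "eth1/1": ("uplink", 1), "eth1/2": ("downlink", 1), "eth1/3": ("downlink", 1),
    "eth1/4": ("uplink", 2), "eth1/5": ("downlink", 2), "eth1/6": NORMAL,
}

if __name__ == "__main__":
    for u in (False, True):
        print("uplink-to-uplink forwarding:", u)
        for p in SAMPLE:
            print(f"  {p} -> {reachable_from(p, SAMPLE, uplink_to_uplink=u)}")
        print("  one-way:", one_way_paths(SAMPLE, uplink_to_uplink=u))
```

On the sample assignment the only one-way paths run from the normal port to the three downlinks, which Table 60 forwards while blocking the reverse direction.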