CN105407082A - Host isolation apparatus in VLAN and method thereof - Google Patents
Host isolation apparatus in VLAN and method thereof Download PDFInfo
- Publication number
- CN105407082A CN105407082A CN201510698285.5A CN201510698285A CN105407082A CN 105407082 A CN105407082 A CN 105407082A CN 201510698285 A CN201510698285 A CN 201510698285A CN 105407082 A CN105407082 A CN 105407082A
- Authority
- CN
- China
- Prior art keywords
- vlan
- isolated
- main frame
- primary
- mutually
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a host isolation apparatus in a VLAN and a method thereof. The apparatus comprises a receiving module, a configuration module and a deployment module, wherein the receiving module is used for receiving a request of mutually isolating assigned hosts in the VLAN; the configuration module is used for distributing a main VLAN and an auxiliary VLANs associated with the main VLAN in the VLAN, wherein the auxiliary VLAN comprises an isolation VLAN; a host in the main VLAN is allowable to communicate with any other hosts; a host in the isolation VLAN is only allowable to communicate with the host in the main VLAN; the deployment module is used for deploying a server in the VLAN into the main VLAN and deploying the assigned hosts into the isolation VLAN so that the assigned hosts are isolated to each other. By using the apparatus and the method, the assigned hosts in the same VLAN can be isolated so that an information safety requirement can be satisfied through less management cost and resources.
Description
Technical field
The present invention relates to communication technical field, particularly relate to the apparatus and method of main frame isolation in a kind of VLAN.
Background technology
Because present network environment is day by day complicated, information security seems particularly important.And enterprise is for the needs of protection company secret, also in the urgent need in this enterprise network, client host can with server communication, and can not with other client host communications in network.
In prior art, realize mutually not communicating between the main frame in an enterprise network, can only be that each main frame is all assigned to different VLAN (VirtualLocalAreaNetwork, Chinese is " VLAN ") in, when host number is very many time, need to distribute a large amount of VLAN, thus cause the wasting of resources, network management is complicated.
Summary of the invention
The technical problem that the present invention mainly solves is to provide the apparatus and method of main frame isolation in a kind of VLAN, can realize carrying out communication isolating to the given host be deployed in same VLAN, thus reach the requirement of information security with less management cost and resource.
For solving the problems of the technologies described above, the technical scheme that the present invention adopts is: the device providing main frame isolation in a kind of VLAN, and this device comprises: receiver module, for being received in VLAN the request that given host is isolated mutually; Configuration module, for the auxiliary vlan distributing primary vlan and associate with described primary vlan in described VLAN, described auxiliary vlan comprises isolated vlan, main frame in described primary vlan allows and any other main-machine communication, and the main frame in described isolated vlan only allows and the main-machine communication in described primary vlan; Deployment module, for by the server disposition in described VLAN in described primary vlan, and described given host to be deployed in described isolated vlan, to isolate mutually between described given host.For solving the problems of the technologies described above, the technical scheme that the present invention adopts is: the method providing main frame isolation in a kind of VLAN, and the step of the method comprises: receive in VLAN the request that given host is isolated mutually; The auxiliary vlan distributing primary vlan and associate with described primary vlan in described VLAN, described auxiliary vlan comprises isolated vlan, main frame in described primary vlan allows and any other main-machine communication, and the main frame in described isolated vlan only allows and the main-machine communication in described primary vlan; By the server disposition in described VLAN in described primary vlan, and described given host is deployed in described isolated vlan, to isolate mutually between described given host.
Be different from prior art, in VLAN of the present invention, the device of main frame isolation is received in VLAN the request that given host is isolated mutually, the auxiliary vlan distributing primary vlan and associate with primary vlan in VLAN, by server disposition in primary vlan, and the host deployments that will isolate mutually is in isolated vlan, can realize carrying out communication isolating to given host in same VLAN, thus both reach information security, reduce again the wasting of resources, save management cost.
Accompanying drawing explanation
Fig. 1 is the structural representation of the first execution mode of a kind of device provided by the invention;
Fig. 2 is the structural representation of the second execution mode of a kind of device provided by the invention;
Fig. 3 is the schematic flow sheet of the first execution mode of a kind of method provided by the invention.
Embodiment
Below in conjunction with embodiment, more detailed description is further done to technical scheme of the present invention.Obviously, described embodiment is only a part of embodiment of the present invention, instead of whole embodiments.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skill in the art obtain under the prerequisite of not making creative work, all should belong to the scope of protection of the invention.
Consult Fig. 1, Fig. 1 is the structural representation of the first execution mode of the device of main frame isolation in a kind of VLAN provided by the invention.In this VLAN, the device 100 of main frame isolation comprises: receiver module 110, configuration module 120, deployment module 130.
Wherein, receiver module 110, for being received in VLAN the request that given host is isolated mutually.This request can be network manager by configuring in real time thus the request sent switch, or perform the instruction of existing configuration file on switches thus the request triggered.Concrete, the hardware identifier of the main frame needing isolation mutually will be carried in request, be generally MAC Address, employing hexadecimal number represents, totally six bytes (48), show as the form of " * *-* *-* *-* *-* *-* * ", each " * " represents a hexadecimal number, such as, need the host identification of isolating to be " 44-37-E6-0C-45-DE " and " 11-22-E6-0C-45-33 ".
Configuration module 120 connects receiver module 110, trigger according to the request that receiver module 110 receives, the auxiliary vlan distributing primary vlan and associate with described primary vlan in this VLAN, described auxiliary vlan comprises isolated vlan, main frame in described primary vlan allows and any other main-machine communication, and the main frame in described isolated vlan only allows and the main-machine communication in described primary vlan.In network system, the IP address being " * .*.*.* " by form identifies VLAN, each " * " represents a decimal number (length is an octet), such as " 10.10.10.0 ", described VLAN and the primary vlan distributed in this VLAN and auxiliary vlan have identical IP address and different ports, therefore it seems from external system, they belong to identical VLAN.
The result that deployment module 130 configures according to configuration module 120, by the server disposition in VLAN in described primary vlan, and is deployed to described given host in described isolated vlan, to isolate mutually between described given host.
Be different from prior art, the device of main frame isolation in VLAN of the present invention, according in VLAN to the request that given host is isolated mutually, for this VLAN distributes primary vlan and auxiliary vlan, auxiliary vlan comprises isolated vlan, main frame wherein in primary vlan allows and any other main-machine communication, main frame in auxiliary vlan only allows and the host identification in primary vlan, and the host deployments that will isolate mutually is in isolated vlan, thus achieve and just can isolate mutually given host in a VLAN, without the need to by host deployments to different VLAN, thus achieve information security with less management cost and resource.
Consult Fig. 2, Fig. 2 is the structural representation of the second execution mode of the device of main frame isolation in a kind of VLAN provided by the invention.This device 200 comprises: receiver module 210, configuration module 220, deployment module 230.
Wherein, receiver module 210 is for being received in VLAN the request that given host is isolated mutually.Concrete, can be deployed server and main frame in existing VLAN, network manager will carry out communication isolating to given host in this VLAN according to real network deployment requirements; Also can be that network manager needs a newly-built VLAN, and in this VLAN deployment server and mutually isolated main frame.Concrete, this request can be network manager by configuring in real time thus the request sent switch, or perform the instruction of existing configuration file on switches thus the request of triggering.Concrete, by carrying the hardware identifier of the main frame needing isolation mutually in request, be generally MAC Address, such as, need the host identification of isolating to be " 44-37-E6-0C-45-DE " and " 11-22-E6-0C-45-33 ".
Configuration module 220 comprises and comprises dispensing unit 221 and record cell 222.Dispensing unit 221 triggers for the request received according to receiver module 210, the designated port of described VLAN is distributed to primary vlan respectively, and isolated vlan designated port distributed in the auxiliary vlan that associates with described primary vlan, main frame in described primary vlan allows and any other main-machine communication, and the main frame in described isolated vlan only allows and the main-machine communication in described primary vlan.In network system, the IP address being " * .*.*.* " by form identifies VLAN, such as " 10.10.10.0 ", and a VLAN can have multiple port, usual employing integer carrys out identification port, such as 1,2,3 ... such as, port one, 2,3 is distributed to primary vlan, port 7 ~ 20 is distributed to isolated vlan, VLAN and the primary vlan distributed in this VLAN and auxiliary vlan have identical IP address and different ports, and therefore it seems from external system, they belong to identical VLAN.When dispensing unit 221 has carried out described port assignment operation, record cell 222 will record described port assignment information, and namely which port often kind of VLAN comprises.Concrete, described port assignment information can be recorded in the register of switch.Further, " main frame in primary vlan allows and any other main-machine communication, and the main frame in isolated vlan only allows and the main-machine communication in described primary vlan " this policy information will be kept in VLAN, concrete, can be in the preserving existence intersection property register of changing planes.
The result that deployment module 230 configures according to configuration module 220, by the server disposition in VLAN in described primary vlan, and described given host is deployed in described isolated vlan, concrete, deployment module 230 recording configuration module 220 is the port of described primary vlan distribution and the incidence relation of server, and recording configuration module 220 is the port of described isolated vlan distribution and the incidence relation of given host, to isolate mutually between described given host.
Optionally, in another example of the present embodiment, receiver module 210 further receives the request that the main frame that can communicate at least two mutually and described given host are isolated, such as, can communicate mutually between the main frame being designated " 33-33-33-33-33-33 " and " 44-44-44-44-44-44 ", but need to isolate between other main frames.Configuration module 220 distribute auxiliary vlan associate with primary vlan, comprise group VLAN further, the main frame in described group VLAN only allow internal mutual to communicate and with described primary vlan in main-machine communication; Concrete, the designated port of described VLAN is distributed to described group VLAN by dispensing unit 221 respectively; And record cell 222 records described port assignment information; Deployment module 230, further by the host deployments of described at least two communications mutually to described group VLAN, concrete, deployment module 230 is further recorded as the port of described group VLAN distribution and the incidence relation of described at least two main frames communicated mutually.In this example, achieve deployment and other main frames in same VLAN and isolate but the multiple main frames allowing internal mutual to communicate.
Be different from prior art, the device of main frame isolation in VLAN of the present invention, according in VLAN to the request that given host is isolated mutually, for this VLAN distributes primary vlan and auxiliary vlan, auxiliary vlan comprises isolated vlan, main frame wherein in primary vlan allows and any other main-machine communication, main frame in auxiliary vlan only allows and the host identification in primary vlan, and the host deployments that will isolate mutually is in isolated vlan, thus achieve and just can isolate mutually given host in a VLAN, without the need to by host deployments to different VLAN, thus achieve information security with less management cost and resource.
Consult Fig. 3, Fig. 3 is the schematic flow sheet of the first execution mode of main frame partition method in a kind of VLAN provided by the invention.The step of the method comprises:
S301: receive in assigned vlan the request that given host is isolated mutually.
Concrete, can be deployed server and main frame in existing VLAN, network manager will carry out communication isolating to given host in this VLAN according to real network deployment requirements; Also can be that network manager needs a newly-built VLAN, and in this VLAN deployment server and mutually isolated main frame.
Concrete, this request can be network manager by configuring in real time thus the request sent switch, or perform the instruction of existing configuration file on switches thus the request of triggering.Concrete, by carrying the hardware identifier of the main frame needing isolation mutually in request, be generally MAC Address, such as, need the host identification of isolating to be " 44-37-E6-0C-45-DE " and " 11-22-E6-0C-45-33 ".
S302: the auxiliary vlan distributing primary vlan and associate with described primary vlan in described VLAN, described auxiliary vlan comprises isolated vlan, main frame in described primary vlan allows and any other main-machine communication, and the main frame in described isolated vlan only allows and the main-machine communication in described primary vlan.
Concrete, the auxiliary vlan distributing primary vlan and associate with described primary vlan in described VLAN, described auxiliary vlan comprises isolated vlan: the designated port of described VLAN is distributed to primary vlan respectively, and designated port is distributed to the isolated vlan in the auxiliary vlan that associates with described primary vlan; And record described port assignment information, namely which port often kind of VLAN comprises.
In network system, the IP address being " * .*.*.* " by form identifies VLAN, such as " 10.10.10.0 ", and a VLAN can have multiple port, usual employing integer carrys out identification port, such as 1,2,3 ... such as, can be that port one, 2,3 is distributed to primary vlan, port 7 ~ 20 is distributed to isolated vlan, VLAN and the primary vlan distributed in this VLAN and auxiliary vlan have identical IP address and different ports, and therefore it seems from external system, they belong to identical VLAN.Described port assignment information can be recorded in the register of switch.Further, " main frame in primary vlan allows and any other main-machine communication, and the main frame in isolated vlan only allows and the main-machine communication in described primary vlan " this policy information will be kept in VLAN, such as, can be in the preserving existence intersection property register of changing planes.
S303: by the server disposition in described VLAN in described primary vlan, and described given host be deployed in described isolated vlan, to isolate mutually between described given host.
Concrete, changing step can be: be recorded as the port of described primary vlan distribution and the incidence relation of described server, is recorded as the port of described isolated vlan distribution and the incidence relation of described given host.
Optionally, in another example of the present embodiment, step s301 further receives the request that the main frame that can communicate at least two mutually and described given host are isolated, such as, can communicate mutually between the main frame being designated " 33-33-33-33-33-33 " and " 44-44-44-44-44-44 ", but need to isolate between other main frames.The auxiliary vlan associated with primary vlan distributed in step s302, also comprises group VLAN further, the main frame in described group VLAN only allow internal mutual to communicate and and described primary vlan in main-machine communication; Concrete, this step can be that the designated port of described VLAN is distributed to described group VLAN respectively; And record described port assignment information; Step s303, further by the host deployments of described at least two mutual communications to described group VLAN, concrete, this step can for being further recorded as the incidence relation of port that described group VLAN distributes and described at least two mutual main frames communicated.In this example, achieve deployment and other main frames in same VLAN and isolate but the multiple main frames allowing internal mutual to communicate.
Be different from prior art, the method of main frame isolation in VLAN of the present invention, according in VLAN to the request that given host is isolated mutually, for this VLAN distributes primary vlan and auxiliary vlan, auxiliary vlan comprises isolated vlan, main frame wherein in primary vlan allows and any other main-machine communication, main frame in auxiliary vlan only allows and the host identification in primary vlan, and the host deployments that will isolate mutually is in isolated vlan, thus achieve and just can isolate mutually given host in a VLAN, without the need to by host deployments to different VLAN, thus achieve information security with less management cost and resource.
The foregoing is only embodiments of the present invention; not thereby the scope of the claims of the present invention is limited; every utilize specification of the present invention and accompanying drawing content to do equivalent structure or equivalent flow process conversion; or be directly or indirectly used in other relevant technical fields, be all in like manner included in scope of patent protection of the present invention.
Claims (10)
1. a device for main frame isolation in VLAN, is characterized in that, comprising:
Receiver module, for being received in VLAN the request that given host is isolated mutually;
Configuration module, for the auxiliary vlan distributing primary vlan and associate with described primary vlan in described VLAN, described auxiliary vlan comprises isolated vlan, main frame in described primary vlan allows and any other main-machine communication, and the main frame in described isolated vlan only allows and the main-machine communication in described primary vlan;
Deployment module, for by the server disposition in described VLAN in described primary vlan, and described given host to be deployed in described isolated vlan, to isolate mutually between described given host.
2. the device of main frame isolation in VLAN according to claim 1, is characterized in that, described receiver module, specifically for being received in the request of deployment server and mutually isolated main frame in described VLAN; Or receive the request main frame disposed in described VLAN being carried out to isolation mutually.
3. the device of main frame isolation in VLAN according to claim 1, is characterized in that,
Described configuration module comprises dispensing unit and record cell, and described dispensing unit is used for the designated port of described VLAN to distribute to described primary vlan and described isolated vlan respectively, and described record cell is used for recording described port assignment information;
Described deployment module, specifically for being recorded as the port and the incidence relation of described server that described primary vlan distributes, and is recorded as the incidence relation of port that described isolated vlan distributes and described given host.
4. the device of main frame isolation in VLAN according to claim 1, its feature is being, described receiver module is further for receiving the request that the main frame that can communicate at least two mutually and described given host are isolated;
The auxiliary vlan associated with described primary vlan that described configuration module distributes, comprises group VLAN further, the main frame in described group VLAN only allow internal mutual to communicate and and described primary vlan in main-machine communication;
Described deployment module, is further used for described at least two host deployments communicated mutually to described group VLAN.
5. the device of main frame isolation in VLAN according to claim 4, described configuration module comprises dispensing unit and record cell, described dispensing unit is used for the designated port of described VLAN to distribute to described primary vlan, described isolated vlan and described group VLAN respectively, and described record cell is used for recording described port assignment information;
Described deployment module, specifically for being recorded as the port and the incidence relation of described server that described primary vlan distributes, be recorded as the port of described isolated vlan distribution and the incidence relation of described given host, and be recorded as the port of described group VLAN distribution and the incidence relation of described at least two main frames communicated mutually.
6. a method for main frame isolation in VLAN, is characterized in that, comprising:
Receive in VLAN the request that given host is isolated mutually;
The auxiliary vlan distributing primary vlan and associate with described primary vlan in described VLAN, described auxiliary vlan comprises isolated vlan, main frame in described primary vlan allows and any other main-machine communication, and the main frame in described isolated vlan only allows and the main-machine communication in described primary vlan;
By the server disposition in described VLAN in described primary vlan, and described given host is deployed in described isolated vlan, to isolate mutually between described given host.
7. the method for main frame isolation in VLAN according to claim 6, is characterized in that, described in receive in VLAN the request that given host is isolated mutually, be specially: the request receiving deployment server and mutually isolated main frame in described VLAN; Or receive the request main frame disposed in described VLAN being carried out to isolation mutually.
8. the method for main frame isolation in VLAN according to claim 6, is characterized in that,
The described auxiliary vlan distributing primary vlan and associate with described primary vlan in described VLAN is specially: the designated port of described VLAN is distributed to respectively described primary vlan and described isolated vlan, and record described port assignment information;
Described server disposition in described VLAN to be specially in described primary vlan: the incidence relation being recorded as port that described primary vlan distributes and described server;
Described described given host being deployed in described isolated vlan is specially: be recorded as the port of described isolated vlan distribution and the incidence relation of described given host.
9. the method for main frame isolation in VLAN according to claim 6, is characterized in that:
Described receive the request in VLAN, given host isolated mutually after, further also receive the request that the main frame that can communicate at least two mutually and described given host are isolated;
Described auxiliary vlan also comprises group VLAN, the main frame in described group VLAN only allow internal mutual to communicate and and described primary vlan in main-machine communication;
By described at least two host deployments communicated mutually to described group VLAN.
10. the method for main frame isolation in VLAN according to claim 9, it is characterized in that, the described auxiliary vlan distributing primary vlan and associate with described primary vlan in described VLAN is specially: the designated port of described VLAN is distributed to respectively described primary vlan, described isolated vlan and described group VLAN, and record described port assignment information;
Described server disposition in described VLAN to be specially in described primary vlan: the incidence relation being recorded as port that described primary vlan distributes and described server;
Described described given host being deployed in described isolated vlan is specially: be recorded as the port of described isolated vlan distribution and the incidence relation of described given host;
The described host deployments by described at least two mutual communications are specially to described group VLAN: be recorded as the port of described group VLAN distribution and the incidence relation of described at least two main frames communicated mutually.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510698285.5A CN105407082A (en) | 2015-10-23 | 2015-10-23 | Host isolation apparatus in VLAN and method thereof |
| PCT/CN2016/097744 WO2017067328A1 (en) | 2015-10-23 | 2016-08-31 | Apparatus and method for host isolation in vlan |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510698285.5A CN105407082A (en) | 2015-10-23 | 2015-10-23 | Host isolation apparatus in VLAN and method thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105407082A true CN105407082A (en) | 2016-03-16 |
Family
ID=55472337
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510698285.5A Pending CN105407082A (en) | 2015-10-23 | 2015-10-23 | Host isolation apparatus in VLAN and method thereof |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN105407082A (en) |
| WO (1) | WO2017067328A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017067328A1 (en) * | 2015-10-23 | 2017-04-27 | 上海斐讯数据通信技术有限公司 | Apparatus and method for host isolation in vlan |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060146835A1 (en) * | 2004-12-30 | 2006-07-06 | Sanjib Homchaudhuri | Platform independent implementation of private VLANS |
| CN102780608A (en) * | 2011-05-13 | 2012-11-14 | 国际商业机器公司 | Efficient software-based private VLAN solution for distributed virtual switches |
| CN103141059A (en) * | 2011-06-24 | 2013-06-05 | 思科技术公司 | Private virtual local area network isolation |
| CN104883325A (en) * | 2014-02-27 | 2015-09-02 | 国际商业机器公司 | PVLAN switch and method of connecting the PVLAN switch to non-PVLAN apparatus |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100553220C (en) * | 2007-08-22 | 2009-10-21 | 杭州华三通信技术有限公司 | A kind of method and apparatus of realizing that downlink user is isolated in the VLAN |
| CN105407082A (en) * | 2015-10-23 | 2016-03-16 | 上海斐讯数据通信技术有限公司 | Host isolation apparatus in VLAN and method thereof |
-
2015
- 2015-10-23 CN CN201510698285.5A patent/CN105407082A/en active Pending
-
2016
- 2016-08-31 WO PCT/CN2016/097744 patent/WO2017067328A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060146835A1 (en) * | 2004-12-30 | 2006-07-06 | Sanjib Homchaudhuri | Platform independent implementation of private VLANS |
| CN102780608A (en) * | 2011-05-13 | 2012-11-14 | 国际商业机器公司 | Efficient software-based private VLAN solution for distributed virtual switches |
| CN103141059A (en) * | 2011-06-24 | 2013-06-05 | 思科技术公司 | Private virtual local area network isolation |
| CN104883325A (en) * | 2014-02-27 | 2015-09-02 | 国际商业机器公司 | PVLAN switch and method of connecting the PVLAN switch to non-PVLAN apparatus |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2017067328A1 (en) * | 2015-10-23 | 2017-04-27 | 上海斐讯数据通信技术有限公司 | Apparatus and method for host isolation in vlan |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2017067328A1 (en) | 2017-04-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3677009B1 (en) | Unified security policies across virtual private clouds with overlapping ip address blocks | |
| EP2845350B1 (en) | Method and apparatus for providing tenant information for network flows | |
| EP2995067B1 (en) | A direct connect virtual private interface for a one to many connection with multiple virtual private clouds | |
| US9363207B2 (en) | Private virtual local area network isolation | |
| WO2018157299A1 (en) | Virtualization method for optical line terminal (olt) device, and related device | |
| CN106034052B (en) | The system and method that two laminar flow amounts are monitored a kind of between of virtual machine | |
| CN105745883B (en) | Forwarding table synchronous method, the network equipment and system | |
| US10454880B2 (en) | IP packet processing method and apparatus, and network system | |
| CN101577711B (en) | Method for realizing network security platform of IP software router by utilizing VLAN technology | |
| CN105933248B (en) | Service insertion within a basic virtual network environment | |
| CN105591863A (en) | Method and device for realizing interworking between virtual private cloud network and external network | |
| WO2011162777A1 (en) | Tenant isolation in a multi-tenant cloud system | |
| US9344360B2 (en) | Technique for managing an allocation of a VLAN | |
| WO2015149253A1 (en) | Data center system and virtual network management method of data center | |
| CN104012057A (en) | Flexible And Scalable Enhanced Transmission Selection Method For Network Fabrics | |
| CN105530200B (en) | The VLAN allocation method of different terminals business | |
| WO2016202086A1 (en) | Network topology joining method and apparatus | |
| CN102932342A (en) | Method and network equipment for isolating multi-user virtual local area network | |
| CN104243608A (en) | Communication method, cloud management server and virtual switch | |
| WO2021009693A1 (en) | Link layer method of configuring a bare-metal server in a virtual network | |
| CN105407082A (en) | Host isolation apparatus in VLAN and method thereof | |
| WO2016101515A1 (en) | Method and apparatus for determining information technology (it) device port | |
| EP3618407B1 (en) | Method for implementing three-layer communication | |
| US20180198708A1 (en) | Data center linking system and method therefor | |
| CN103986692A (en) | Data forwarding method and system based on wireless access point |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160316 |
|
| RJ01 | Rejection of invention patent application after publication |