FS S3900 SERIES SWITCHES

Overview

The S3900 series switches consist of three models: S3900-24T4S, S3900-24F4S, S3900-48T4S, which are fully managed stackable Gigabit switches, equipped with Broadcom chips, supporting 10G SFP+ uplinks, designed for SMB, campus and enterprise networks.

S3900-24T4S S3900-24F4S S3900-48T4S

Product Guideline

Product Guideline

Case Study

Download

FAQ

Basic Information
Overview
Test Report
EOM, EOFS and EOS Date
Supported Module & Cable
Configuration Guide
Switch Stack
Voice VLAN
STP Configuration
Interface-based VLAN
IP Subnet-based VLAN
Protocol-based VLAN
Traffic Segmentation
Log in Guide
Port Mirroring
MAC Address-based VLAN
LACP
SNMP
DHCP Snooping

Traffic Segmentation Configuration on FS S3900 Series Switches

Posted on By FS.COM

Traffic segmentation, also known as port isolation or private VLAN, is a technique used to provide more secure and flexible networking solutions via isolating switch ports in the same VLAN of Layer 2. FS S3900 series switches, with abundant Layer 2 and Layer 2+ features, also support traffic segmentation.

Traffic Segmentation Application on FS S3900 Series Switches

Take traffic segmentation application on three S3900 series switches and one S5850-32S2Q switch in the same VLAN of Layer 2 as an example. After Eth 1/22 of S3900-24F4S-A connecting to S3900-24F4S-B and Eth 1/23 connecting to S3900-24T4S are added into a traffic segmentation group, S3900-24F4S-B and S3900-24T4S can not communicate with each other. However, the two switches can communicate with S5850-32S2Q. In that way, the network security can be ensured for the two links within the same traffic segmentation group.

Traffic Segmentation.jpg

Hardware Connection Guide for Traffic Segmentation of S3900 Series Switches

FS S3900 series switches consist of S3900-24T4S, S3900-24F4S, and S3900-48T4S, which all support the traffic segmentation. Since this technique aims at configuring the switch port, there is no special hardware connection need for you to care. Just connect the switches as your actual needs.

Notes:


  • FS S3900 series switches can enable up to four traffic segmentation groups at the same time. As for each group, the port number is without any limitation.

  • The traffic segmentation can only be realized in a single switch and is not accessible to the stacking switches.

  • Except for the downlink ports of traffic segmentation group can not communicate with each other, the downlink port can communicate with other ports of the same switch as well as uplink port normally.

Traffic Segmentation Configuration Roadmap of S3900 Series Switches

FS S3900 series switches are able to configure traffic segmentation via CLI and Web interface. Here we will mainly introduce how to configure traffic segmentation via CLI. And the configuration roadmaps for the above application case are listed as the following:


  • Configure VLAN, IP addresses, and Ethernet interface for the three S3900 series switches and one S5850-32S2Q switch to enable network interconnection.

  • Add the interfaces to a traffic segmentation group to implement Layer 2 segmentation between these interfaces.

  • Verify the configuration.

S3900 Series Switch Traffic Segmentation Configuration Via CLI

1. Configure vlan 2 and IP address for S3900-24F4S-A, and set its eth 1/22, eth 1/23, eth 1/24 port as trunk mode and allow vlan add 2.

S3900-24F4S-A#configure terminal
S3900-24F4S-A(config)#interface vlan 2
S3900-24F4S-A(config-if)#ip add 10.1.1.1/24
S3900-24F4S-A(config-if)#exit
S3900-24F4S-A(config)#interface ethernet 1/22
S3900-24F4S-A(config-if)#switchport mode trunk
S3900-24F4S-A(config-if)#switchport trunk allowed vlan add 2
S3900-24F4S-A(config-if)#exit
S3900-24F4S-A(config)#interface ethernet 1/23
S3900-24F4S-A(config-if)#switchport mode trunk
S3900-24F4S-A(config-if)#switchport trunk allowed vlan add 2
S3900-24F4S-A(config-if)#exit
S3900-24F4S-A(config)#interface ethernet 1/24
S3900-24F4S-A(config-if)#switchport mode trunk
S3900-24F4S-A(config-if)#switchport trunk allowed vlan add 2
S3900-24F4S-A(config-if)#exit

2. Configure traffic segmentation for S3900-24F4S-A.

S3900-24F4S-A(config)#traffic-segmentation
S3900-24F4S-A(config)#traffic-segmentation downlink ethernet 1/22
S3900-24F4S-A(config)#traffic-segmentation downlink ethernet 1/23
S3900-24F4S-A(config)#traffic-segmentation uplink ethernet 1/24

3. Verify the configuration. Check the status of traffic segmentation on S3900-24F4S-A and check whether the downlink ports are set successful.

S3900-24F4S-A#show traffic-segmentation
Traffic Segmentation Status: Enabled
Traffic pass through uplink ports: No
traffic segmentation.png

4. Configure vlan 2 and IP address for S3900-24F4S-B, S3900-24T4S, and S5850-32S2Q, and separately set their eth 1/22, eth 1/24, and ethernet-0-23 port as trunk mode and allow vlan add 2.

S3900-24F4S-B#configure terminal
S3900-24F4S-B(config)#interface vlan 2
S3900-24F4S-B(config-if)#ip add 10.1.1.2/24
S3900-24F4S-B(config-if)#exit
S3900-24F4S-B(config)#interface ethernet 1/22
S3900-24F4S-B(config-if)#switchport mode trunk
S3900-24F4S-B(config-if)#switchport trunk allowed vlan add 2
S3900-24F4S-B(config-if)#exit

S3900-24T4S#configure terminal
S3900-24T4S(config)#interface vlan 2
S3900-24T4S(config-if)#ip add 10.1.1.4/24
S3900-24T4S(config-if)#exit
S3900-24T4S(config)#interface ethernet 1/24
S3900-24T4S(config-if)#switchport mode trunk
S3900-24T4S(config-if)#switchport trunk allowed vlan add 2
S3900-24T4S(config-if)#exit

S5850-32S2Q#configure terminal
S5850-32S2Q(config)# interface vlan 2
S5850-32S2Q(config-if)# ip address 10.1.1.3/24
S5850-32S2Q(config-if)#exit
S5850-32S2Q(config)#interface ethernet-0-23
S5850-32S2Q(config-if)#switchport mode trunk
S5850-32S2Q(config-if)#switchport trunk allowed vlan add 2
S5850-32S2Q(config-if)#exit

Related Articles:

Voice VLAN Configuration on FS S3900 Series Switches
Stack Configuration on FS S3900 Series Switches

Name
All Type
Date
File