topic Vlan Routing Issue in Switches, Hubs, and Modems https://community.hpe.com/t5/switches-hubs-and-modems/vlan-routing-issue/m-p/4210516#M14439 Hi All.<BR /><BR />I'm setting up a 5300xl switch for a shared environment, where each vlan must NOT be able to see any other vlan apart from the vlan with the router in it.<BR /><BR />Config is as follows:<BR /><BR />Running configuration:<BR /><BR />; J4819A Configuration Editor; Created on release #E.10.37<BR /><BR />hostname "HP ProCurve Switch 5308xl" <BR />module 2 type J4820B <BR />module 3 type J4820B <BR />module 4 type J4820B <BR />module 5 type J4820B <BR />module 7 type J4820B <BR />module 8 type J4820B <BR />ip routing <BR />snmp-server community "public" Unrestricted <BR />vlan 1 <BR /> name "DEFAULT_VLAN" <BR /> untagged B1-B24,C1-C24,D1-D24,E5-E24,G1-G24,H1-H14 <BR /> ip address 192.168.1.2 255.255.255.0 <BR /> no untagged E1-E4,H15-H24 <BR /> exit <BR />vlan 2 <BR /> name "systemcore" <BR /> untagged H15-H23<BR /> ip address 172.20.1.30 255.255.255.224 <BR /> exit <BR />vlan 3 <BR /> name "dirtyserve" <BR /> untagged H24 <BR /> ip address 172.20.0.253 255.255.255.248 <BR /> exit <BR />vlan 4 <BR /> name "rm212-213" <BR /> untagged E1-E4 <BR /> ip address 172.20.2.254 255.255.255.0 <BR /> ip helper-address 172.20.1.1 <BR /> exit <BR />ip route 0.0.0.0 0.0.0.0 172.20.0.254 <BR />password manager<BR /><BR />a sh ip route shows: <BR /><BR />HP ProCurve Switch 5308xl# sh ip route<BR /><BR /> IP Route Entries<BR /><BR /> Destination Gateway VLAN Type Sub-Type Metric Dist.<BR /> ------------------ --------------- ---- --------- ---------- ---------- -----<BR /> 0.0.0.0/0 172.20.0.254 3 static 1 1 <BR /> 127.0.0.0/8 reject static 0 250 <BR /> 127.0.0.1/32 lo0 connected 0 0 <BR /> 172.20.0.248/29 dirtyserve 3 connected 0 0 <BR /> 172.20.1.0/27 systemcore 2 connected 0 0 <BR /> 172.20.2.0/24 rm212-213 4 connected 0 0 <BR /><BR />now ideally I would like it that each vlan can see the internet, but the vlans cannot see each other (obviously with the exception of IP helpers)<BR /><BR />I'm sure I'm missing something really simple with the config I have.<BR /><BR />I have tried removing the IP address from the vlan, but that also stops internet access.<BR /><BR />all ideas appreciated.<BR /> Wed, 04 Jun 2008 12:52:03 GMT Mike Hyslop 2008-06-04T12:52:03Z Vlan Routing Issue https://community.hpe.com/t5/switches-hubs-and-modems/vlan-routing-issue/m-p/4210516#M14439 Hi All.<BR /><BR />I'm setting up a 5300xl switch for a shared environment, where each vlan must NOT be able to see any other vlan apart from the vlan with the router in it.<BR /><BR />Config is as follows:<BR /><BR />Running configuration:<BR /><BR />; J4819A Configuration Editor; Created on release #E.10.37<BR /><BR />hostname "HP ProCurve Switch 5308xl" <BR />module 2 type J4820B <BR />module 3 type J4820B <BR />module 4 type J4820B <BR />module 5 type J4820B <BR />module 7 type J4820B <BR />module 8 type J4820B <BR />ip routing <BR />snmp-server community "public" Unrestricted <BR />vlan 1 <BR /> name "DEFAULT_VLAN" <BR /> untagged B1-B24,C1-C24,D1-D24,E5-E24,G1-G24,H1-H14 <BR /> ip address 192.168.1.2 255.255.255.0 <BR /> no untagged E1-E4,H15-H24 <BR /> exit <BR />vlan 2 <BR /> name "systemcore" <BR /> untagged H15-H23<BR /> ip address 172.20.1.30 255.255.255.224 <BR /> exit <BR />vlan 3 <BR /> name "dirtyserve" <BR /> untagged H24 <BR /> ip address 172.20.0.253 255.255.255.248 <BR /> exit <BR />vlan 4 <BR /> name "rm212-213" <BR /> untagged E1-E4 <BR /> ip address 172.20.2.254 255.255.255.0 <BR /> ip helper-address 172.20.1.1 <BR /> exit <BR />ip route 0.0.0.0 0.0.0.0 172.20.0.254 <BR />password manager<BR /><BR />a sh ip route shows: <BR /><BR />HP ProCurve Switch 5308xl# sh ip route<BR /><BR /> IP Route Entries<BR /><BR /> Destination Gateway VLAN Type Sub-Type Metric Dist.<BR /> ------------------ --------------- ---- --------- ---------- ---------- -----<BR /> 0.0.0.0/0 172.20.0.254 3 static 1 1 <BR /> 127.0.0.0/8 reject static 0 250 <BR /> 127.0.0.1/32 lo0 connected 0 0 <BR /> 172.20.0.248/29 dirtyserve 3 connected 0 0 <BR /> 172.20.1.0/27 systemcore 2 connected 0 0 <BR /> 172.20.2.0/24 rm212-213 4 connected 0 0 <BR /><BR />now ideally I would like it that each vlan can see the internet, but the vlans cannot see each other (obviously with the exception of IP helpers)<BR /><BR />I'm sure I'm missing something really simple with the config I have.<BR /><BR />I have tried removing the IP address from the vlan, but that also stops internet access.<BR /><BR />all ideas appreciated.<BR /> Wed, 04 Jun 2008 12:52:03 GMT https://community.hpe.com/t5/switches-hubs-and-modems/vlan-routing-issue/m-p/4210516#M14439 Mike Hyslop 2008-06-04T12:52:03Z Re: Vlan Routing Issue https://community.hpe.com/t5/switches-hubs-and-modems/vlan-routing-issue/m-p/4210517#M14440 You'll need to create some access control lists to do this. I would deny the other VLANs IP address ranges and permit ip any any to allow Internet access, and then apply it incoming to each VLAN.<BR /><BR />e.g.<BR />deny ip any 192.168.1.0/24<BR />permit ip any any<BR /><BR />That's not complete but it should get you started. Wed, 04 Jun 2008 13:55:22 GMT https://community.hpe.com/t5/switches-hubs-and-modems/vlan-routing-issue/m-p/4210517#M14440 Matt Hobbs 2008-06-04T13:55:22Z