https://community.hpe.com/t5/switches-hubs-and-modems/restrict-vlan-routing/m-p/3830806#M8569 Hello,<BR />I know that the 3400 can work with ACL, but I never try it. I hear that's complicated. Here my VLAN config.<BR /><BR />IP Netz Name VLAN-ID<BR />172.18.8.0/21 Zen-VLAN-1 1<BR />10.100.100.0/24 Adm-VLAN-100 100 10.100.101.0/24 GMP-VLAN-101 101<BR />10.100.102.0/24 Fin-VLAN-102 102<BR />10.100.103.0/24 GF-VLAN-103 103<BR />10.100.104.0/24 IT-VLAN-104 104<BR />10.100.105.0/24 SRV-VLAN-105 105<BR /><BR />Default Gateway xxx.yyy.zzz.1<BR /><BR />I add the following IP Addresse to the main Switch<BR />vlan 100 ip address 10.100.100.1/24<BR />vlan 101 ip address 10.100.101.1/24<BR />vlan 102 ip address 10.100.102.1/24<BR />vlan 103 ip address 10.100.103.1/24<BR />vlan 104 ip address 10.100.104.1/24<BR />vlan 105 ip address 10.100.105.1/24<BR />That is also the default Gateway for the VLAN's<BR /><BR />VALN 100-104 routed to VLAN 105 and back, but no routing between VLAN 100-104.<BR /><BR />Can anyone provide examples ACL for denied the VLAN Routing.<BR /><BR />;-)))) Big THX<BR />Stefan Wuswoski<BR /><BR /> Wed, 26 Jul 2006 06:26:49 GMT Stefan Wusowski 2006-07-26T06:26:49Z https://community.hpe.com/t5/switches-hubs-and-modems/restrict-vlan-routing/m-p/3830803#M8566 Hello, <BR />my problem is to restrict the VLAN routing. When I add VLANs to a 3400 switch with IP Adresses and IP Routing is on, then all VLAN can connect in to all VLAN!? That right?<BR />But I don't want that. I have a SRV VLAN and more branch VLANs. I want all branch VLANs to SRV VLAN but no branch VLAN to branch VLAN. How can I configure that?<BR /><BR />THX<BR />Stefan Wusowski Wed, 26 Jul 2006 02:44:11 GMT https://community.hpe.com/t5/switches-hubs-and-modems/restrict-vlan-routing/m-p/3830803#M8566 Stefan Wusowski 2006-07-26T02:44:11Z https://community.hpe.com/t5/switches-hubs-and-modems/restrict-vlan-routing/m-p/3830804#M8567 Have you tried using ACL's to prevent traffic from one IP subnet from getting to another?<BR /><BR />I am sure the 3400cl supports this (Quick check on the procurve website confirms this...) <BR /><BR /> Wed, 26 Jul 2006 05:07:21 GMT https://community.hpe.com/t5/switches-hubs-and-modems/restrict-vlan-routing/m-p/3830804#M8567 Jonathan Axford 2006-07-26T05:07:21Z https://community.hpe.com/t5/switches-hubs-and-modems/restrict-vlan-routing/m-p/3830805#M8568 Hi<BR /><BR />The 3400 is an intellegent switch, so it has Access control lists (ACLs)which can provide IP layer 3 filtering based on source/destination IP address/subnet and source/destination TCP/UDP port number.<BR /><BR />If you can provide your IP addresses for your Vlans, and what exactly the restricyions you need , then we can break it out for you with ACLs.<BR /><BR />Good Luck !!! Wed, 26 Jul 2006 05:54:42 GMT https://community.hpe.com/t5/switches-hubs-and-modems/restrict-vlan-routing/m-p/3830805#M8568 Mohieddin Kharnoub 2006-07-26T05:54:42Z https://community.hpe.com/t5/switches-hubs-and-modems/restrict-vlan-routing/m-p/3830806#M8569 Hello,<BR />I know that the 3400 can work with ACL, but I never try it. I hear that's complicated. Here my VLAN config.<BR /><BR />IP Netz Name VLAN-ID<BR />172.18.8.0/21 Zen-VLAN-1 1<BR />10.100.100.0/24 Adm-VLAN-100 100 10.100.101.0/24 GMP-VLAN-101 101<BR />10.100.102.0/24 Fin-VLAN-102 102<BR />10.100.103.0/24 GF-VLAN-103 103<BR />10.100.104.0/24 IT-VLAN-104 104<BR />10.100.105.0/24 SRV-VLAN-105 105<BR /><BR />Default Gateway xxx.yyy.zzz.1<BR /><BR />I add the following IP Addresse to the main Switch<BR />vlan 100 ip address 10.100.100.1/24<BR />vlan 101 ip address 10.100.101.1/24<BR />vlan 102 ip address 10.100.102.1/24<BR />vlan 103 ip address 10.100.103.1/24<BR />vlan 104 ip address 10.100.104.1/24<BR />vlan 105 ip address 10.100.105.1/24<BR />That is also the default Gateway for the VLAN's<BR /><BR />VALN 100-104 routed to VLAN 105 and back, but no routing between VLAN 100-104.<BR /><BR />Can anyone provide examples ACL for denied the VLAN Routing.<BR /><BR />;-)))) Big THX<BR />Stefan Wuswoski<BR /><BR /> Wed, 26 Jul 2006 06:26:49 GMT https://community.hpe.com/t5/switches-hubs-and-modems/restrict-vlan-routing/m-p/3830806#M8569 Stefan Wusowski 2006-07-26T06:26:49Z https://community.hpe.com/t5/switches-hubs-and-modems/restrict-vlan-routing/m-p/3830807#M8570 Hi<BR /><BR />Your configuration will be:<BR /><BR />1- Create a standard access list:<BR />----------------------------------<BR />3400(config)# access-list 1 deny 10.100.100.1/24<BR />3400(config)# access-list 1 deny 10.100.101.1/24<BR />3400(config)# access-list 1 deny 10.100.102.1/24<BR />3400(config)# access-list 1 deny 10.100.103.1/24<BR />3400(config)# access-list 1 deny 10.100.104.1/24<BR />3400(config)# access-list 1 permit any<BR /><BR />2- Apply it to vlans 100 to 104:<BR />---------------------------------<BR />3400(config)# vlan 100 ip access-group 1 in<BR />3400(config)# vlan 101 ip access-group 1 in<BR />3400(config)# vlan 102 ip access-group 1 in<BR />3400(config)# vlan 103 ip access-group 1 in<BR />3400(config)# vlan 104 ip access-group 1 in<BR /><BR />3- Verify your configuration by Show access-list.<BR /><BR />I hope that will be enough to help :)<BR /><BR />Don't forget to assign points, <BR /><BR />Good Luck !!! Wed, 26 Jul 2006 07:02:40 GMT https://community.hpe.com/t5/switches-hubs-and-modems/restrict-vlan-routing/m-p/3830807#M8570 Mohieddin Kharnoub 2006-07-26T07:02:40Z