- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- A5500 EI Inter VLAN Routing
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-15-2016 03:30 PM
тАО09-15-2016 03:30 PM
First post so please forgive me if it's in the wrong place. I have a small problem with inter vlanning on my a5500.
It may largely be lack of knowledge so any help would be greatly appreciated.
In short, my scenario is that I have a fully working network using a single A5500 as the only switch and gateway.
We have a a few vlans, for easy explaining let's call them "100" and "200".
The problem we have is that devices attached to these vlans can ping devices on the other vlans. They can also use windows explorer to browse to them with credentials, although granted the user would need to know the ip of the other device and the credentials.
I believe they can talk to each other because the A5500 is allowing inter vlan traffic.
My question is, can this be prevented so they cannot talk to each other at all? They would obviously still need to use the A5500 as the gateway.
I hope that makes sense and is clear enough.
Thank you.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-15-2016 05:28 PM
тАО09-15-2016 05:28 PM
SolutionThe 5500 is a switch, not a firewall.
If you have two subnets that require a security gateway between them, then you should be trunking those VLANs to the security gateway.
If the concern is that users on one subnet should not have access to resources on another subnet, then the answer is - as you have pointed out - authentication and authorisation on the actual devices themselves.
Having said that, if you absolutely have to do it, you can put access lists on the switch.
Subnet1 --> Subnet2 = Deny
And vice-versa.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-16-2016 02:43 AM
тАО09-16-2016 02:43 AM
Re: A5500 EI Inter VLAN Routing
Hi Vince,
Thanks very much for getting back to me, most appreciated.
That makes things a little clearer I believe.
Ideally we would like them to be isolated and just have gateway access and not cross VLAN access.
Sounds like we need to do this using ACL configuration.
Not 100% sure where these settings reside on the switch but I'll do some digging and see if I can locate where this needs to be set etc and do some testing.
Thank you for your help.
Kind Regards,
Boseley
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-16-2016 10:32 AM
тАО09-16-2016 10:32 AM
Re: A5500 EI Inter VLAN Routing
Howdy,
Does your internet / WAN gateway live on a third subnet?
If not, I would segregate the external gateway onto its own network befor eyou do any thing else as that will make the ACL configurations easier and you won't be mixing "end user" and "gateway" nodes in the same subnet
Thanks
Ian
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-16-2016 12:28 PM
тАО09-16-2016 12:28 PM
Re: A5500 EI Inter VLAN Routing
We think we've got it mapped in our heads now and will bare in mind the separation advice. Appreciate your input thanks.