06-27-2011 02:43 PM
ACLs to permit routing only between pairs of VLANs
Hi all
I'm a bit confused about ACLs and routing with an E5406zl. Any help and ideas appreciated.
I have 4 VLANs connected to an E5406zl.
vlan 30
name "OFFICE"
ip address 10.30.10.11 255.255.255.0
exit
vlan 31
name "OFFICE_NLB"
ip address 10.31.10.11 255.255.255.0
exit
vlan 40
name "SERVER"
ip address 10.40.10.11 255.255.255.0
exit
vlan 41
name "SERVER_NLB"
ip address 10.41.10.11 255.255.255.0
exit
VLANs 31 and 41 are connected to my Microsoft TMG firewalls.
I use NLB to have a redundant setup for my TMG firewalls.
I need these separate NLB VLANs, to prevent flooding of ARP multicasts into the OFFICE and SERVER VLANs.
I want the traffic to flow like this:
Workstation > 30 > 31 > TMG > 41 > 40 > Server
and vice versa.
Traffic must not flow like this:
Workstation > 30 > 40 > Server
Actually I want to allow any traffic only between 30 and 31 but no other VLAN.
And between 40 and 41 but no other VLAN.
What routes and ACLs would I need?
Or am I on the wrong track?
Thanks in advance
Bouli
06-27-2011 03:11 PM
Re: ACLs to permit routing only between pairs of VLANs
I think you will need to apply access-list like this:
But I don't remember the exact commands.
Vlan 30
access-list permit 10.31.10.0 0.0.0.255
Vlan 31
access-list permit 10.30.10.0 0.0.0.255
Vlan 40
access-list permit 10.41.10.0 0.0.0.255
Vlan 41
access-list permit 10.40.10.0 0.0.0.255
Best regards
06-28-2011 06:10 AM
Re: ACLs to permit routing only between pairs of VLANs
Hi Luciano
I forgot to mention that my Firewall will route the traffic between 31 and 41, I don't want to use NAT.
I know the commands for the ACLs, but I think I can't distinguish if a packet is coming from 30 directly to 40 or via Firewall from 41 to 40.
Example Packet:
Source: 10.30.10.210
Destination: 10.40.10.35
Doesn't the packet look the same when it flows from 30 to 40 as when it flows from 41 to 40?
And if I understand ACLs right, they will only inspect the source and destination addresses of the packet. There seems to be no way to say "allow traffic only between VLAN 30 and 31", no matter what the source and destination of the packets are?
Regards
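As an added example (not code from any poster in this thread), a small model of how a switch that evaluates an inbound ACL per VLAN tells the two cases apart: the example packet 10.30.10.210 > 10.40.10.35 is matched against the ACL of the VLAN it arrives on, so it is denied when it enters on VLAN 30 but permitted when it enters on VLAN 41 from the TMG. The rule layout, the wildcard masks (0.0.0.255 for a /24) and the implicit deny at the end are assumptions about the switch's behaviour, not configuration taken from the thread.

```python
# Added example: per-ingress-VLAN inbound ACL evaluation (assumed model,
# not the switch's actual configuration syntax).
import ipaddress


def wildcard_match(addr, network, wildcard):
    """True if addr matches network under a wildcard mask
    (mask bits set to 1 are 'don't care', as in 0.0.0.255 for a /24)."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (n & ~w)


# Helpers to write rules as (action, src, src_wc, dst, dst_wc).
ANY = ("0.0.0.0", "255.255.255.255")


def net24(prefix):
    """A /24 expressed as network address plus wildcard mask."""
    return (prefix, "0.0.0.255")


# One ACL per ingress VLAN, evaluated top down; anything not matched is
# dropped by the implicit deny. VLANs 30 and 40 also pin the source to
# their own subnet (assumed anti-spoofing hardening); 31 and 41 cannot,
# because the TMG forwards packets whose source is another subnet.
VLAN_ACL = {
    30: [("permit", *net24("10.30.10.0"), *net24("10.31.10.0"))],  # office -> TMG side only
    31: [("permit", *ANY, *net24("10.30.10.0"))],                 # TMG -> office only
    40: [("permit", *net24("10.40.10.0"), *net24("10.41.10.0"))],  # server -> TMG side only
    41: [("permit", *ANY, *net24("10.40.10.0"))],                 # TMG -> server only
}


def evaluate(ingress_vlan, src, dst):
    """Return 'permit' or 'deny' for a packet (src, dst) arriving on ingress_vlan."""
    for action, s, s_wc, d, d_wc in VLAN_ACL.get(ingress_vlan, []):
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action
    return "deny"  # implicit deny at the end of every ACL


if __name__ == "__main__":
    pkt = ("10.30.10.210", "10.40.10.35")  # the example packet from the thread
    print("direct 30->40 :", evaluate(30, *pkt))   # deny
    print("via TMG 41->40:", evaluate(41, *pkt))   # permit
```

The ACL only decides whether a packet arriving on a VLAN may be forwarded; which VLAN the switch forwards it to is still decided by its routing table, which holds a connected route for every VLAN it has an address in.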
06-28-2011 05:09 PM
Re: ACLs to permit routing only between pairs of VLANs
Hello bouli3,
Could you attach the topology you are using on your network so we can analyse it and try to suggest a solution?
Best Regards,
06-29-2011 10:19 AM
Re: ACLs to permit routing only between pairs of VLANs
Hi, I attached a topology picture. Best Regards