HP switch 5800, segmentation
06-29-2015 10:38 AM
Hello Folks,
I'm here with a problem: at my work I have 2 5800 switches (core) and 7 1910 access switches, and I need to segment my local network.
Here is my configuration:
No.  VLAN       Network          Access Switch    Core Switch
---------------------------------------------------------------------------------
1    Vlan 100   172.16.1.0/24    172.16.1.252     172.16.1.253
2    Vlan 200   172.16.2.0/24    172.16.2.252     172.16.2.253
3    Vlan 300   172.16.3.0/24    172.16.3.252     172.16.3.253
4    Vlan 400   172.16.4.0/24    172.16.4.252     172.16.4.253
5    Vlan 500   172.16.5.0/24    172.16.5.252     172.16.5.253
6    Vlan 600   172.16.6.0/24    172.16.6.252     172.16.6.253
7    Vlan 700   172.16.7.0/24    172.16.7.252     172.16.7.253
I need a floor to communicate only with itself, and the HP 5800 is routing all of the other VLANs. Can someone help me with this issue? Thanks to all of you!
06-29-2015 05:59 PM
Re: HP switch 5800, segmentation
The basic design principle for the segmentation you are describing is to match up the logical segmentation with the physical network:
VLAN100 is used on AccessSwitch1 only
VLAN200 is used on AccessSwitch2 only
etc...
The core switch has all 7 VLANs, with an IP address on each. That IP address is the default gateway for hosts that reside within that VLAN/subnet.
Each VLAN is trunked to a single switch, and each trunk contains a single VLAN.
Your core interface configuration should look like:
interface GigabitEthernet1/0/1
 description Link to AccessSwitch1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan 100
etc...
On each 1910 switch you configure it equivalently.
06-30-2015 06:56 AM
Re: HP switch 5800, segmentation
Currently I use this configuration:
All Trk1 interfaces are in trunk mode (access switch), and on the core switch BridgeAggregation 1 passes only VLAN 100 and VLAN 1. However, I think the core switch is routing all packets with inter-VLAN routing. I will attach my routing table to this answer.
06-30-2015 04:50 PM
Re: HP switch 5800, segmentation
By default, with IP routing enabled, the 5800 will route packets between any subnet in which it has an IP address.
If you do not want inter-VLAN routing, you can either:
1/ remove all IP addresses from the 5800 (except a management address) and trunk all VLANs to a firewall (or similar) which can properly control access between VLANs.
or
2/ implement access lists on the 5800 to prevent inter-VLAN routing.
If you need proper security, access-lists on a switch aren't the best way to do it.
07-01-2015 05:53 AM
Re: HP switch 5800, segmentation
Thanks for the answer!
Do you have a tutorial to help me make these configurations?
Can I do it in the web GUI?
I can't use a firewall to route all packets; I just bought the 5800 to do it, because it is a core switch.
Why can I implement an access list?
07-01-2015 04:35 PM
Solution
Maybe something like:
acl number 3100
 rule 20 deny ip source 172.16.1.0 0.0.0.255 destination 172.16.2.0 0.0.0.255
 rule 30 deny ip source 172.16.1.0 0.0.0.255 destination 172.16.3.0 0.0.0.255
 rule 40 deny ip source 172.16.1.0 0.0.0.255 destination 172.16.4.0 0.0.0.255
 rule 50 deny ip source 172.16.1.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 60 deny ip source 172.16.1.0 0.0.0.255 destination 172.16.6.0 0.0.0.255
 rule 70 deny ip source 172.16.1.0 0.0.0.255 destination 172.16.7.0 0.0.0.255
 rule 100 permit ip
interface Vlan-interface100
 packet-filter 3100 inbound
acl number 3200
 rule 10 deny ip source 172.16.2.0 0.0.0.255 destination 172.16.1.0 0.0.0.255
 rule 30 deny ip source 172.16.2.0 0.0.0.255 destination 172.16.3.0 0.0.0.255
 rule 40 deny ip source 172.16.2.0 0.0.0.255 destination 172.16.4.0 0.0.0.255
 rule 50 deny ip source 172.16.2.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 60 deny ip source 172.16.2.0 0.0.0.255 destination 172.16.6.0 0.0.0.255
 rule 70 deny ip source 172.16.2.0 0.0.0.255 destination 172.16.7.0 0.0.0.255
 rule 100 permit ip
interface Vlan-interface200
 packet-filter 3200 inbound
etc..
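Added example, not part of the original answer: a Python sketch that expands the per-VLAN ACL pattern above to all seven VLANs from the first post and checks sample packets against it in rule-ID order. The ACL number (3000 + VLAN id, chosen to fall in Comware's advanced ACL range 3000-3999), the `Vlan-interface` name, and the function names are assumptions of this example.

```python
import ipaddress

# VLAN id -> subnet, copied from the table in the first post.
VLANS = {vid: ipaddress.ip_network(f"172.16.{vid // 100}.0/24")
         for vid in range(100, 800, 100)}

def build_rules(vid):
    """Rules for the ACL bound inbound on VLAN `vid`: (rule_id, action, src, dst)."""
    src = VLANS[vid]
    rules = [(other // 10, "deny", src, dst)        # rule 20 -> VLAN 200, and so on
             for other, dst in VLANS.items() if other != vid]
    rules.append((100, "permit", None, None))       # "rule 100 permit ip" catch-all
    return rules

def render(vid, acl_base=3000):
    """Render Comware-style text; acl_base and the interface name are assumptions."""
    lines = [f"acl number {acl_base + vid}"]
    for rid, action, src, dst in build_rules(vid):
        if src is None:
            lines.append(f" rule {rid} {action} ip")
        else:  # hostmask is the wildcard (inverse) mask, 0.0.0.255 for a /24
            lines.append(f" rule {rid} {action} ip"
                         f" source {src.network_address} {src.hostmask}"
                         f" destination {dst.network_address} {dst.hostmask}")
    lines += [f"interface Vlan-interface{vid}",
              f" packet-filter {acl_base + vid} inbound"]
    return "\n".join(lines)

def verdict(vid, src_ip, dst_ip):
    """First-match evaluation of one packet entering the switch on VLAN `vid`."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rid, action, src, dst in sorted(build_rules(vid), key=lambda r: r[0]):
        if src is None or (s in src and d in dst):
            return action, rid

if __name__ == "__main__":
    print(render(300))
    # Constructed sample packets: (ingress VLAN, source, destination)
    for pkt in [(300, "172.16.3.10", "172.16.5.20"),   # other floor
                (300, "172.16.3.10", "172.16.3.253"),  # own gateway
                (300, "172.16.3.10", "192.0.2.7")]:    # outside the seven subnets
        print(pkt, "->", verdict(*pkt))
```

Traffic to anything outside the seven listed subnets is still permitted by rule 100, so every new subnet added to the core needs a matching deny rule in each existing ACL.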
07-02-2015 09:55 AM
Re: HP switch 5800, segmentation
Thanks,
But is an ACL block the only way to segment my network with a layer 3 switch?
Do I have another way?
However, I understood that layer 3 switches can't "stop" routing all packets and VLANs?
I'm glad for your help. Thank you so much.
07-02-2015 07:15 PM
Re: HP switch 5800, segmentation
I guess you could use:
- Super VLAN
- Private VLANs
- VRFs
to achieve separation between VLAN subnets as an alternative to using ACLs.
07-06-2015 05:11 AM
Re: HP switch 5800, segmentation
OK, I will try something. If someone knows how to segment a layer 3 switch using only VLANs, post the solution here.
Thanks so much, Vince!