- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- LAN Routing
- >
- Re: Isolate VLAN
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-18-2021 03:46 AM
тАО03-18-2021 03:46 AM
Hello,
Please excuse me, for my english, but I'm French.
I look for isolate 2 VLANs.
I configure the HPE 5100 (Comware) as below :
<HPE> VLAN 34
name "Backup"
<HPE> VLAN 35
name "Technician"
<HPE>Interface vlan-interface 34
ip address 192.168.34.254 255.255.255.0
<HPE> Interface vlan-interface 35
ip address 192.168.35.254 255.255.255.0
<HPE>Interface GigabitEthernet 1/0/1
port link-type hybrid
port hybrid vlan 35 untagged
port hybrid pvid vlan 35
no port hybrid vlan 1
<HPE>Interface GigabitEthernet 1/0/2
port link-type hybrid
port hybrid vlan 35 untagged
port hybrid pvid vlan 35
no port hybrid vlan 1
<HPE>Interface GigabitEthernet 1/0/45
port link-type hybrid
port hybrid vlan 34 untagged
port hybrid pvid vlan 34
no port hybrid vlan 1
For Simplify
VLAN 34 :
Server1 = 192.168.34.1
VLAN 35:
PC 1 = 192.168.35.1
PC2 = 192.168.35.2
When I ping server 1 with the PC 1 or PC 2, I get a reply.
I would like to know, how to do it for isolate the 2 VLANs ?
Thank You
Regards,
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-18-2021 08:40 AM
тАО03-18-2021 08:40 AM
SolutionHi @fouji !
Yes, you are right, by default the switch will forward traffic between all its Vlan-interfaces with no restriction. Since you need to isolate both VLANs on Layer 3, the best approach will be to use ACLs. Depending what exactly you need to achieve, this ACL (or multiple ACLs) may look differently, but I will share a basic configuration that will help you to achieve what you need:
system-view
acl advanced 3000
rule 10 deny ip destination 192.168.34.0 0.0.0.255
rule 20 permit ip
quit
inteface Vlan-interface35
packet-filter 3000 inbound
return
This configuration will drop all traffic from Vlan35 destined to Vlan34, but will allow the rest of the traffic, like Internet connection, routing to other Vlans etc. Just keep in mind that traffic from Vlan35 hosts to IP address of Vlan-interface34 (192.168.34.254) will probably be allowed (that depends on platform), but for sure it will be dropped to all hosts in Vlan34.
Hope this helps!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-19-2021 05:48 AM
тАО03-19-2021 05:48 AM
Re: Isolate VLAN
Thank you very much, it's work perfectly