- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- VLAN routing question (route only some) 5406zl
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2016 05:06 PM
08-15-2016 05:06 PM
VLAN routing question (route only some) 5406zl
Hello,
I'm new to HP Switches and VLAN's and was hoping, that one of you can help me to fix my issue here.
I have a HP 5406zl switch, with 4 VLANs as follows:
ip default-gateway 192.168.19.254 ip route 0.0.0.0 0.0.0.0 192.168.19.254 ip route 172.20.0.0 255.255.255.0 172.19.0.250 ip routing
vlan 1 name "DEFAULT_VLAN" no untagged A1-A6,D12,D24 untagged A7-A24,B1-B24,C1-C24,D1-D11,D13-D23,E1-E24 ip address 192.168.19.250 255.255.255.0 qos dscp 011010 exit vlan 10 name "Guest" tagged B7,C10-C11,D1,D3,D13,D15,D21,D23,E1,E3-E4,E6,E11,E13,E15,E19 ip address 10.0.19.252 255.255.255.0 exit vlan 100 name "VOICE" untagged A1-A6,D12 tagged A7-A24,B1-B24,C1-C24,D21,D23 ip address 172.19.0.254 255.255.255.0 qos dscp 101110 voice exit vlan 200 name "WAN" untagged D24 tagged D1,D3,D13,D15,E1,E3,E13,E15 no ip address exit
I would like to disable routing between the the guest VLAN (10) and the rest, as well as WAN Vlan (200) and the rest.
The traffic between VLAN 1 (default) and the VLAN 100 (Voice) still need to be routed.
Kind regards,
Alex
Full config:
Running configuration: ; J8697A Configuration Editor; Created on release #K.16.02.0008 ; Ver #0d hostname "HP-5406zl" module 1 type j9547a module 2 type j9547a module 3 type j9547a module 4 type j9550a module 5 type j9550a qos dscp-map 101110 priority 6 qos protocol arp priority 4 qos type-of-service diff-services ip default-gateway 192.168.19.254 ip route 0.0.0.0 0.0.0.0 192.168.19.254 ip route 172.20.0.0 255.255.255.0 172.19.0.250 ip routing interface D1 name "ESX1-0" exit interface D3 name "ESX2-0" exit interface D13 name "ESX1-1" exit interface D15 name "ESX2-1" exit interface D24 name "ADSL Modem" exit interface E1 name "ESX1-3" exit interface E3 name "ESX2-3" exit interface E13 name "ESX1-4" exit interface E15 name "ESX2-4" exit vlan 1 name "DEFAULT_VLAN" no untagged A1-A6,D12,D24 untagged A7-A24,B1-B24,C1-C24,D1-D11,D13-D23,E1-E24 ip address 192.168.19.250 255.255.255.0 qos dscp 011010 exit vlan 10 name "Guest" tagged B7,C10-C11,D1,D3,D13,D15,D21,D23,E1,E3-E4,E6,E11,E13,E15,E19 ip address 10.0.19.252 255.255.255.0 exit vlan 100 name "VOICE" untagged A1-A6,D12 tagged A7-A24,B1-B24,C1-C24,D21,D23 ip address 172.19.0.254 255.255.255.0 qos dscp 101110 voice exit vlan 200 name "WAN" untagged D24 tagged D1,D3,D13,D15,E1,E3,E13,E15 no ip address exit no spanning-tree bpdu-throttle no autorun no dhcp config-file-update no dhcp image-file-update password manager password operator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-15-2016 05:35 PM
08-15-2016 05:35 PM
Re: VLAN routing question (route only some) 5406zl
Trunk VLAN10 to your firewall
Remove the VLAN10 IP address from the core switch
Put the VLAN10 default gateway on the firewall.
Change untagged VLAN to tagged on all your inter-switch links
A network core switch is not a security device and shouldn't be used that way.