
VLAN routing question (route only some) 5406zl

AlexU
Occasional Visitor

VLAN routing question (route only some) 5406zl

Hello,

I'm new to HP switches and VLANs and was hoping that one of you can help me fix my issue here.

I have a HP 5406zl switch, with 4 VLANs as follows:

ip default-gateway 192.168.19.254
ip route 0.0.0.0 0.0.0.0 192.168.19.254
ip route 172.20.0.0 255.255.255.0 172.19.0.250
ip routing
vlan 1
   name "DEFAULT_VLAN"
   no untagged A1-A6,D12,D24
   untagged A7-A24,B1-B24,C1-C24,D1-D11,D13-D23,E1-E24
   ip address 192.168.19.250 255.255.255.0
   qos dscp 011010
   exit
vlan 10
   name "Guest"
   tagged B7,C10-C11,D1,D3,D13,D15,D21,D23,E1,E3-E4,E6,E11,E13,E15,E19
   ip address 10.0.19.252 255.255.255.0
   exit
vlan 100
   name "VOICE"
   untagged A1-A6,D12
   tagged A7-A24,B1-B24,C1-C24,D21,D23
   ip address 172.19.0.254 255.255.255.0
   qos dscp 101110
   voice
   exit
vlan 200
   name "WAN"
   untagged D24
   tagged D1,D3,D13,D15,E1,E3,E13,E15
   no ip address
   exit

 

I would like to disable routing between the guest VLAN (10) and the rest, as well as between the WAN VLAN (200) and the rest.

The traffic between VLAN 1 (default) and VLAN 100 (Voice) still needs to be routed.

Kind regards,

Alex

 

Full config:

Running configuration:

; J8697A Configuration Editor; Created on release #K.16.02.0008
; Ver #0d
hostname "HP-5406zl"
module 1 type j9547a
module 2 type j9547a
module 3 type j9547a
module 4 type j9550a
module 5 type j9550a
qos dscp-map 101110 priority 6
qos protocol arp priority 4
qos type-of-service diff-services
ip default-gateway 192.168.19.254
ip route 0.0.0.0 0.0.0.0 192.168.19.254
ip route 172.20.0.0 255.255.255.0 172.19.0.250
ip routing
interface D1
   name "ESX1-0"
   exit
interface D3
   name "ESX2-0"
   exit
interface D13
   name "ESX1-1"
   exit
interface D15
   name "ESX2-1"
   exit
interface D24
   name "ADSL Modem"
   exit
interface E1
   name "ESX1-3"
   exit
interface E3
   name "ESX2-3"
   exit
interface E13
   name "ESX1-4"
   exit
interface E15
   name "ESX2-4"
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged A1-A6,D12,D24
   untagged A7-A24,B1-B24,C1-C24,D1-D11,D13-D23,E1-E24
   ip address 192.168.19.250 255.255.255.0
   qos dscp 011010
   exit
vlan 10
   name "Guest"
   tagged B7,C10-C11,D1,D3,D13,D15,D21,D23,E1,E3-E4,E6,E11,E13,E15,E19
   ip address 10.0.19.252 255.255.255.0
   exit
vlan 100
   name "VOICE"
   untagged A1-A6,D12
   tagged A7-A24,B1-B24,C1-C24,D21,D23
   ip address 172.19.0.254 255.255.255.0
   qos dscp 101110
   voice
   exit
vlan 200
   name "WAN"
   untagged D24
   tagged D1,D3,D13,D15,E1,E3,E13,E15
   no ip address
   exit
no spanning-tree bpdu-throttle
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator

 

1 REPLY
Vince-Whirlwind
Honored Contributor

Re: VLAN routing question (route only some) 5406zl

Trunk VLAN10 to your firewall

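Remove the VLAN10 IP address from the core switch, so that the switch no longer has a routed interface in that VLAN and cannot forward guest traffic to the other VLANs itself. (VLAN 200 in the posted config already has "no ip address", so the switch is not routing it.)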

Put the VLAN10 default gateway on the firewall.

Change untagged VLAN to tagged on all your inter-switch links

A network core switch is not a security device and shouldn't be used that way.