Switches, Hubs, and Modems

2910 ip routing

xpa
Occasional Advisor


When I enable ip routing on a 2910al switch, all VLANs communicate with each other, like a stupid hub.

 

The first versions of this switch allowed us to define, by ip rip, the VLANs we want to communicate with, instead of fully open VLAN ports.

 

Anyway, I suppose that when you forbid a port in the VLAN port assignment, it could not reach these VLANs. But it does.

 

So why create VLANs, if they become fully open when we give them an IP address?

 

What is the way to deny some VLANs to others, and leave others accessible?

 

Thanks in advance

 

pedro

1 REPLY
showneek
Respected Contributor

Re: 2910 ip routing

Hi,

 

If you enable the ip routing feature on the switch, it automatically provides routing to the networks in its routing table. So if you create some VLANs and give them IP addresses, these VLANs are local networks and are present in the routing table, so the switch will provide routing between them.

 

If you want to limit traffic between VLANs, you have to create access control lists (ACLs) on the routing device. An ACL allows you to set up rules and to filter specific traffic on the switch. But I'm afraid, and I think, that the 2910 has only port-based ACLs, and that is not ideal for filtering traffic between VLAN interfaces, as routed ACLs do in other models of switches.

 

And why create VLANs? It is not only to isolate traffic for security reasons. By creating VLANs you divide the network into smaller L2 domains, reduce broadcast domains, etc.

 

Regards,

Jan
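
The behaviour discussed in this thread, as an added example that is not part of either post and is not switch configuration: a small Python model of a routing switch whose VLAN interfaces become connected routes, with and without a filter. The subnets, VLAN IDs and ACL entries are constructed, and the first-match, implicit-deny evaluation is an assumption based on how ACLs commonly work, not verified 2910al behaviour.

```python
import ipaddress

# Constructed sample: each VLAN with an IP address is a connected route.
VLAN_INTERFACES = {
    10: ipaddress.ip_interface("10.0.10.1/24"),  # users
    20: ipaddress.ip_interface("10.0.20.1/24"),  # servers
    30: ipaddress.ip_interface("10.0.30.1/24"),  # management
}

# Constructed ACL: ordered (action, source network, destination network).
# The filter is stateless, so reply traffic needs its own entry.
ACL = [
    ("permit", "10.0.10.0/24", "10.0.20.0/24"),  # users -> servers
    ("permit", "10.0.20.0/24", "10.0.10.0/24"),  # servers -> users (replies)
]


def vlan_for(addr):
    """Return the VLAN ID whose connected subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for vid, iface in VLAN_INTERFACES.items():
        if ip in iface.network:
            return vid
    return None


def acl_permits(src, dst, acl):
    """First matching entry wins; no match falls through to implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False


def forwarded(src, dst, acl=None):
    """Decide whether the routing switch delivers a packet from src to dst."""
    src_vlan, dst_vlan = vlan_for(src), vlan_for(dst)
    if src_vlan is None or dst_vlan is None:
        return False   # no connected route in this model
    if src_vlan == dst_vlan:
        return True    # same L2 domain: switched, never reaches the router
    if acl is None:
        return True    # ip routing on, no filter: every VLAN is reachable
    return acl_permits(src, dst, acl)
```

Traffic inside one VLAN never reaches the routed filter in this model, so the ACL only controls what crosses between VLANs.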