I have two 5300 series procurve switches with 2 static (not including default) VLANs defined. I need to accomplish two tasks: 1) enable a host (and only that host) from vlan-a to access a host (and only that host) on vlan -b
and
2) enable all hosts on vlan-b to access a host (printer - an of course, only that printer) on vlan-a
I could do it through an external router/firewall device, but would rather have it performed internally in the switches... any help is much appreciated...
access-list 101 permit ip host a.b.c.d host e.f.g.h access-list 101 permit ip any host e.f.g.i
then
vlan a access-group 101 in
where a.b.c.d is the ip address of the vlan-a host and e.f.g.h is the IP address of the vlan-b host from 1)
e.f.g.i is the IP address of the printer.
a is the vlan number of vlan -a
The list has an implicit deny ip any any at the end so that's all the traffic it will pass at layer 3. If there were a router with connection to the internet involved then we would need to add
access-list 101 deny ip any e.f.g.0 0.0.0.255 access-list 101 permit ip any any
