HPE Community
Switches, Hubs, and Modems
1753534 Members
4896 Online
108795 Solutions
New Discussion юеВ

Re: 5406zl: VLAN Routing between some VLAN's but not others

 
SOLVED
Go to solution
Brian Albertsen
New Member

тАО11-09-2006 03:01 AM

тАО11-09-2006 03:01 AM

5406zl: VLAN Routing between some VLAN's but not others

Hi,

We are considering the 5406zl-48G.

I've been studying the mauals. After enabling IP routing all VLAN can access each other.
That what we want. But wwhat to do I you don't want a VLAN to be able to see/access some of the other VLANS. Like a guest VLAN that will be handled by an external firewall/router.

Is it as simple as not assigning an IP address to that VLAN and then that VLAN isn't routed?
0 Kudos
4 REPLIES 4
Jason Luckett
Frequent Advisor

тАО11-09-2006 08:51 AM

тАО11-09-2006 08:51 AM

Solution

Re: 5406zl: VLAN Routing between some VLAN's but not others

Hi Brian,

Access and inter-communication between VLANS can be controlled by access-lists, which are placed within the VLAN configuration context.

You can control the access and inter-communication between the VLANS like any other access-list either standard or extended, which can be configured to control inbound and outbound traffic.

an example of which is:

To permit inbound traffic to VLAN 10(192.168.10.0/24) routed from IP address 192.168.20./24(VLAN20).

Procurve 5406xl(config)#ip access-list extended test1
Procurve 5406xl(config-ext-nacl)#10 permit ip 192.168.10.0 0.0.0.255 0.0.0.0 255.255.255.255

Procurve 5406xl(config)#vlan 10
Procurve 5406xl(vlan-10)#ip address 192.168.10.1/24
Procurve 5406xl(vlan-10)#ip access-group test1 in

Procurve 5406xl(config)#vlan 20
Procurve 5406xl(vlan-10)#ip address 192.168.20.1/24

Procurve 5406xl(config)#ip routing

I hope this helps.

Jase
Jason Luckett
Frequent Advisor

тАО11-09-2006 09:05 AM

тАО11-09-2006 09:05 AM

Re: 5406zl: VLAN Routing between some VLAN's but not others

Hi Brian,

for further info on the configuration of ACL's for VLANS see module/chapter 7 of the following document;

ftp://ftp.hp.com/pub/networking/software/3500_5400_6200_AdvTrfGde-July2006-59913827.pdf

Regards,

Jase

P.S. if you have any more questions on the 5400zl just post them under this thread.

But I highly recommend the 5400zl, this is an excellent Layer3/4 switch, with a mass of features.
0 Kudos
Matt Hobbs
Honored Contributor

тАО11-09-2006 09:40 AM

тАО11-09-2006 09:40 AM

Re: 5406zl: VLAN Routing between some VLAN's but not others

As you've suggested, the most simple method is actually not assigning an IP address to that VLAN.
OLARU Dan
Trusted Contributor

тАО11-09-2006 10:47 PM

тАО11-09-2006 10:47 PM

Re: 5406zl: VLAN Routing between some VLAN's but not others

Or if you would like to enter that VLAN from time to time (for administrative tasks performed on PCs in that VLAN) you could assign IP, but shutdown the VLAN interface.

The IP of the router that allows internet access for the clients in that VLAN should be the default gateway for these PCs. One link untagged in that VLAN sould go to the router, and the inside interface of the router should have IP in the same subnet with the PCs. That router should not be connected to any other VLAN, so it can't perform inter-VLAN routing.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.