
5406zl switch and WAP 530 Wireless, VLAN, security issues

mafsysadmin
Occasional Visitor


Please bear with me, I am far from an expert when dealing with VLANs.
Here is our scenario. We have 3 HP 5406zl switches on which we are in the process of setting up VLANs. The first phase of this project is configuring our HP WAP 530 devices for both "public" (internet access only) and "private" connections. We would like to have the public and private networks on 2 different IP scopes.
I have the VLANs set up right now and have successfully set up the WAPs for the most part. The one problem I am running into is that we do not want to let the "public" wireless communicate with our "private" network. However, we do need communication between the "public" VLAN, the DHCP server, and the firewall, which is on the "private" network/VLAN. I hope that makes sense. Currently I can ping the private network resources when I am connected to the public wireless system; I only want necessary communication with the DHCP server and firewall, no other resources.
Is there a way to restrict, on the VLAN level, communication between one entire VLAN and a set of ports? This way we could still allow communication between the ports that the DHCP server is on. What would be the specific commands for this?


VLAN - 1 (private) = 172.200.x.x
This VLAN is currently the flat default VLAN that has all servers, firewall and workstations. DHCP server = 172.200.1.15

VLAN - 19 (public) = 192.192.168.x
This VLAN is strictly for public internet access for guests. Only needs to get DHCP from default VLAN 1

Here is a little map:

Firewall - 172.200.0.1
|
Switch 1 5406zl - VLAN 1 = 172.200.1.101, VLAN 19 = 192.192.168.1
|
Port B1(port the WAP is plugged into on the switch)
|
WAP 530 - SSID Private VLAN 1 = 172.200.x.x
- SSID Public VLAN 19 = 192.192.168.x


I have also attached our switch configuration.

Thanks so much.
1 REPLY
mafsysadmin
Occasional Visitor

Re: 5406zl switch and WAP 530 Wireless, VLAN, security issues

Sorry for the weird formatting issues in the first post. Here is the body in an easier to read format:


Please bear with me, I am far from an expert when dealing with VLANs.

Here is our scenario. We have 3 HP 5406zl switches on which we are in the process of setting up VLANs. The first phase of this project is configuring our HP WAP 530 devices for both PUBLIC (internet access only) and PRIVATE connections. We would like to have the public and private networks on 2 different IP scopes.

I have the VLANs set up right now and have successfully set up the WAPs for the most part. The one problem I am running into is that we do not want to let the PUBLIC wireless communicate with our PRIVATE network. However, we do need communication between the PUBLIC VLAN, the DHCP server, and the firewall, which is on the PRIVATE network/VLAN. I hope that makes sense. Currently I can ping the private network resources when I am connected to the public wireless system; I only want necessary communication with the DHCP server and firewall, no other resources.

Is there a way to restrict, on the VLAN level, communication between one entire VLAN and a set of ports? This way we could still allow communication between the ports that the DHCP server is on. What would be the specific commands for this?


VLAN - 1(private) = 172.200.x.x
This VLAN is currently the flat default VLAN that has all servers, firewall and workstations. DHCP server = 172.200.1.15

VLAN - 19(public) = 192.192.168.x
This VLAN is strictly for public internet access for guests. Only needs to get DHCP from default VLAN 1

Here is a little map:

Firewall - 172.200.0.1
|
Switch 1 5406zl - VLAN 1 = 172.200.1.101, VLAN 19 = 192.192.168.1
|
Port B1(port the WAP is plugged into on the switch)
|
WAP 530 - SSID Private VLAN 1= 172.200.x.x
- SSID Public VLAN 19 = 192.192.168.x


I have also attached our switch configuration.

Thanks so much.
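
The isolation policy asked for in this thread, modeled as an ordered first-match rule list and checked against constructed packets. This is an added example, not part of the original posts and not switch configuration; the /16 and /24 masks, the rule order and the names `GUEST_IN` and `evaluate` are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

PRIVATE = ipaddress.ip_network("172.200.0.0/16")    # assumed mask for 172.200.x.x
PUBLIC = ipaddress.ip_network("192.192.168.0/24")   # assumed mask for 192.192.168.x
DHCP_SERVER = ipaddress.ip_network("172.200.1.15/32")
FIREWALL = ipaddress.ip_network("172.200.0.1/32")
BROADCAST = ipaddress.ip_network("255.255.255.255/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

class Rule(NamedTuple):
    action: str                       # "permit" or "deny"
    proto: str                        # "udp", "tcp", "icmp", or "ip" for any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None       # None matches any destination port

# Hypothetical inbound policy for traffic entering from VLAN 19 (public).
GUEST_IN = [
    Rule("permit", "udp", ANY, BROADCAST, 67),       # DHCP discover/request broadcast
    Rule("permit", "udp", PUBLIC, DHCP_SERVER, 67),  # unicast DHCP renewals only
    Rule("permit", "ip", PUBLIC, FIREWALL),          # guests may reach the firewall
    Rule("deny", "ip", ANY, PRIVATE),                # everything else on the private VLAN
    Rule("permit", "ip", PUBLIC, ANY),               # internet-bound guest traffic
]

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching rule; no match is an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if s not in r.src or d not in r.dst:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "deny"

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination, destination port)
    samples = [
        ("udp", "0.0.0.0", "255.255.255.255", 67),
        ("udp", "192.192.168.50", "172.200.1.15", 67),
        ("icmp", "192.192.168.50", "172.200.1.15", None),
        ("tcp", "192.192.168.50", "172.200.1.20", 445),
        ("tcp", "192.192.168.50", "172.200.0.1", 443),
        ("tcp", "192.192.168.50", "203.0.113.10", 443),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(GUEST_IN, *pkt))
```

The order matters: the narrow permits for DHCP and the firewall must come before the deny covering the private range, and the ping to the DHCP server is dropped because only UDP port 67 is allowed to that host.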