HPE Community
Switches, Hubs, and Modems
1753867 Members
7164 Online
108809 Solutions
New Discussion

5406zl switch and WAP 530 Wireless, VLAN, security issues

 
mafsysadmin
New Member

‎10-23-2007 04:16 AM

‎10-23-2007 04:16 AM

5406zl switch and WAP 530 Wireless, VLAN, security issues

Please bear with me, I am far from an expert when dealing with VLANS.
Here is our scenario. We have 3 HP 5406zl switches which we are in the process of setting up VLANS. The first phase of this project is configuring our HP WAP 530 devices for both â publicâ (internet access only) and â privateâ connections. We would like to have the public and private networks on 2 different IP scopes.
I have the VLANs setup and right now and have successfully setup the WAPâ s for the most part. The one problem I am running into is we do not want to let the â publicâ wireless communicate with our â privateâ network. However we do need communication between the â publicâ VLAN the DHCP server, and firewall which is on the â privateâ network/VLAN. I hope that makes sense. Currently I can ping the private network resources when I am connected to the public wireless system, I only want necessary communication with DHCP server and firewall no other resources.
Is there a way to restrict on the VLAN level communication between one entire VLAN and a set of ports. This way we could still allow communication between the ports that the DHCP server is on. What would be the specific commands for this?


VLAN â 1(private) = 172.200.x.x
This VLAN is currently the flat default VLAN that has all servers, firewall and workstations. DHCP server = 172.200.1.15

VLAN â 19(public) = 192.192.168.x
This VLAN is strictly for public internet access for guests. Only needs to get DHCP from default VLAN 1

Here is a little map:

Firewall - 172.200.0.1
|
Switch 1 5406zl - VLAN 1 = 172.200.1.101, VLAN 19 = 192.192.168.1
|
Port B1(port the WAP is plugged into on the switch)
|
WAP 530 â SSID Private VLAN 1= 172.200.x.x
- SSID Public VLAN 19 = 192.192.168.x


I have also attached our switch configuration.

Thanks so much.
0 Kudos
1 REPLY 1
mafsysadmin
New Member

‎10-23-2007 04:27 AM

‎10-23-2007 04:27 AM

Re: 5406zl switch and WAP 530 Wireless, VLAN, security issues

Sorry for the wierd formatting issues in the first post. Here is the body in an easier to read format:


Please bear with me, I am far from an expert when dealing with VLANS.

Here is our scenario. We have 3 HP 5406zl switches which we are in the process of setting up VLANS. The first phase of this project is configuring our HP WAP 530 devices for both PUBLIC(internet access only) and PRIVATE connections. We would like to have the public and private networks on 2 different IP scopes.

I have the VLANs setup and right now and have successfully setup the WAP's for the most part. The one problem I am running into is we do not want to let the PUBLLIC wireless communicate with our PRIVATE network. However we do need communication between the PUBLIC VLAN the DHCP server, and firewall which is on the PRIVATE network/VLAN. I hope that makes sense. Currently I can ping the private network resources when I am connected to the public wireless system, I only want necessary communication with DHCP server and firewall no other resources.

Is there a way to restrict on the VLAN level communication between one entire VLAN and a set of ports. This way we could still allow communication between the ports that the DHCP server is on. What would be the specific commands for this?


VLAN - 1(private) = 172.200.x.x
This VLAN is currently the flat default VLAN that has all servers, firewall and workstations. DHCP server = 172.200.1.15

VLAN - 19(public) = 192.192.168.x
This VLAN is strictly for public internet access for guests. Only needs to get DHCP from default VLAN 1

Here is a little map:

Firewall - 172.200.0.1
|
Switch 1 5406zl - VLAN 1 = 172.200.1.101, VLAN 19 = 192.192.168.1
|
Port B1(port the WAP is plugged into on the switch)
|
WAP 530 - SSID Private VLAN 1= 172.200.x.x
- SSID Public VLAN 19 = 192.192.168.x


I have also attached our switch configuration.

Thanks so much.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.