HPE Community
Switches, Hubs, and Modems
1752815 Members
4042 Online
108789 Solutions
New Discussion юеВ

How to disable/enable VLAN communication/routing on a Procurve 2900?

 
Frank Pauly
Occasional Contributor

тАО12-28-2008 05:36 AM

тАО12-28-2008 05:36 AM

How to disable/enable VLAN communication/routing on a Procurve 2900?

Hi,

I wonder if it is possible to create a setup using some (non stacked) HP ProCurve 2900 switches, where the connected hosts are able to communicate with one connected server (per IP only) while they (the hosts) are unable to communicate among themselves! (The actual setup is much more complicated (some hosts are connected via trunks and/or to two different switches) but this question is the mother of all my "problems"!)
Because 'port security' does not work across several switches I thought I have to use VLANs: Every host is on a very small IP-subnet using a VLAN. Now I have two options:
- Use VLAN routing into the servers VLAN and IP-subnet.
But I do not find any ACL-configuration facility for the 2900! How do I allow the routing only from the hosts-VLAN into the server-VLAN and NOT from the hosts-VLAN into some other hosts-VLAN? (If I understand it correctly the 2900 only have an all-or-nothing routing.)
- Set the server into all hosts-VLANs
But then the server has to have several IP-addresses (one for each VLAN) and has to "speak" 802.1Q by itself. :-(
Because this server will be a proprietary OS (OnTap of Netapp), I am not sure if it has the ability to do so and which drawbacks might arise.

Do some better ideas of preventing the communication between connected hosts exists?

Thanx a lot for any ideas!
0 Kudos
3 REPLIES 3
Matt Hobbs
Honored Contributor

тАО12-28-2008 05:58 AM

тАО12-28-2008 05:58 AM

Re: How to disable/enable VLAN communication/routing on a Procurve 2900?

Have a look at the source port filters feature.
0 Kudos
Frank Pauly
Occasional Contributor

тАО12-28-2008 07:48 AM

тАО12-28-2008 07:48 AM

Re: How to disable/enable VLAN communication/routing on a Procurve 2900?

Hi Matt,
I did, but I found no way to specify a restriction for the case that port X at switch A isn't allowed to access port Y at switch B.
Is there such a way?? I am very interested in that if that is possible! (Maybe I misunderstood something.)

For a better visualization of my setup I am attaching a small picture of the setup.
The question was: How do I prevent the communication between the Host-systems? Only Host-systems and Storage-systems are allowed to communicate (via IP)! (Maybe there is a way without VLANs (preferred) or a way with VLAN-routing...)

MANY thanks for any ideas,
++frank
0 Kudos
Frank Pauly
Occasional Contributor

тАО01-10-2009 10:00 AM

тАО01-10-2009 10:00 AM

Re: How to disable/enable VLAN communication/routing on a Procurve 2900?

Just in case someone later see this thread and wonders how the solution looks like:
The only way to do this (at least I think so) is the usage of "Overlapping VLANs"! See http://cdn.procurve.com/training/Manuals/2900-AdvTrafficMgmt-Jan2008-59916197.pdf page 2-11

Have fun,
Frank
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.