07-09-2015 02:56 AM
How to filter traffic between 2 subnets on the same VLAN
Hi,
I want to create 2 subnets in the same VLAN, and users in the 2 subnets should not be able to send traffic to each other.
I have managed so far to assign a secondary IP on the VLAN interface on the L3 switch, but I am not able to stop the subnet users from sending traffic to each other. I tried creating an ACL which filters the traffic between the 2 subnets and want to apply it on the VLAN interface for the inbound traffic, but I just can't find the command to apply the ACL on the interface.
Please check the ACL below:
acl number 3000
rule 0 deny ip source 10.11.40.0 0.0.3.255 destination 10.11.44.0 0.0.3.255
rule 5 deny ip source 10.11.44.0 0.0.3.255 destination 10.11.40.0 0.0.3.255
rule 10 permit ip any any
H3C Comware Platform Software
Comware Software, Version 5.20, Release 6605P03
Q1. Can I use an ACL on a VLAN interface to filter traffic between two subnets on the same VLAN?
Q2. If Q1 is correct, then I want to know how I can apply this ACL on the interface, as I am not able to find a command to do this.
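Added example (not part of the original post, and not H3C code): a small Python model of ACL 3000 that shows which address ranges the 0.0.3.255 wildcards cover and which rule a given source/destination pair hits. It assumes rules are evaluated in ascending rule-ID order with the first match winning, and the hypothetical parser accepts only the two rule shapes posted above.

```python
import ipaddress
import re

# ACL 3000 exactly as posted in the thread.
ACL_3000 = """\
rule 0 deny ip source 10.11.40.0 0.0.3.255 destination 10.11.44.0 0.0.3.255
rule 5 deny ip source 10.11.44.0 0.0.3.255 destination 10.11.40.0 0.0.3.255
rule 10 permit ip any any
"""

RULE_RE = re.compile(r"rule (\d+) (permit|deny) ip "
                     r"(?:source (\S+) (\S+) destination (\S+) (\S+)|any any)$")

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return (rule_id, action, src_matcher, dst_matcher) tuples sorted by rule ID."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rule_id, action, src, src_wc, dst, dst_wc = m.groups()
        # "any" behaves like base 0.0.0.0 with wildcard 255.255.255.255.
        src_m = (to_int(src), to_int(src_wc)) if src else (0, 0xFFFFFFFF)
        dst_m = (to_int(dst), to_int(dst_wc)) if dst else (0, 0xFFFFFFFF)
        rules.append((int(rule_id), action, src_m, dst_m))
    return sorted(rules)

def wildcard_match(addr, matcher):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    base, wildcard = matcher
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    """Return (action, rule_id) of the first matching rule, or ("no-match", None)."""
    for rule_id, action, src_m, dst_m in rules:
        if wildcard_match(src, src_m) and wildcard_match(dst, dst_m):
            return action, rule_id
    return "no-match", None

def covered_range(matcher):
    """Lowest and highest address matched (valid for contiguous wildcards only)."""
    base, wildcard = matcher
    low = base & ~wildcard & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | wildcard))
```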
07-09-2015 10:21 PM
Re: How to filter traffic between 2 subnets on the same VLAN
I've never tried it, but I would expect it to work, as the packets have to be routed on the VLAN interface to go between subnets regardless of what VLAN they are on.
interface vlan1
packet-filter name 3000 inbound
07-10-2015 01:05 AM
Re: How to filter traffic between 2 subnets on the same VLAN
Hi, thanks for your response. I agree with you, but my problem is I just can't seem to find a command to apply the ACL on the VLAN interface or the interface itself. Please check below:
[NUB_CORE]inter Vlan-interface 1
[NUB_CORE-Vlan-interface1]pack
[NUB_CORE-Vlan-interface1]p?
pim
ping
portal
proxy-arp
I have checked online and I read that on the S7500 series we have to go into the 'qos' option. Check below:

Index no. 24 ACL CONFIGURATION

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter Ethernet port view | interface interface-type interface-number | — |
| Enter QoS view | qos | — |
| Apply an ACL on the port | packet-filter { inbound \| outbound } acl-rule [ system-index ] [ not-care-for-interface ] | Required. This command is supported by Type A LPUs. |
| | packet-filter inbound acl-rule [ system-index ] | Required. This command is supported by LPUs other than Type A. |
| Display information about ACLs applied to a port or all ports. | display acl running-packet-filter { all \| interface interface-type interface-number } | Optional. This command can be executed in any view. |
Check what I get when I type qos on both the VLAN interface and the physical interface:
[NUB_CORE]interface vlan 40
[NUB_CORE-Vlan-interface40]qos ?
apply Apply specific QoS policy on interface
[NUB_CORE-Vlan-interface40]quit
[NUB_CORE]inter gi 8/0/2
[NUB_CORE-GigabitEthernet8/0/2]qos
[NUB_CORE-GigabitEthernet8/0/2]qos ?
apply Apply specific QoS policy on interface
bandwidth Queue bandwidth
gts Apply GTS(Generic Traffic Shaping) policy on interface
lr Apply LR(Line Rate) policy on physical interface
priority Configure port priority
sp Configure strict priority queue
trust Configure priority trust mode
wfq Configure weighted fair queue
wred Apply WRED(Weighted Random Early Detection) configuration
information
wrr Configure weighted round robin queue
[NUB_CORE-GigabitEthernet8/0/2]qos
Can this be a problem with the firmware, or am I just not able to find the command to configure it on this version?
Please help.
[NUB_CORE]disp version
H3C Comware Platform Software
Comware Software, Version 5.20, Release 6605P03
Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
H3C S7506E uptime is 11 weeks, 4 days, 18 hours, 35 minutes
MPU(M) 0:
Uptime is 11 weeks,4 days,18 hours,35 minutes
H3C S7506E MPU(M) with 1 BCM1125H Processor
BOARD TYPE: LSQ1SRP12GB
DRAM: 512M bytes
FLASH: 64M bytes
NVRAM: 512K bytes
PCB 1 Version: VER.B
PCB 2 Version: VER.B
Bootrom Version: 301
CPLD 1 Version: 002
CPLD 2 Version: 003
Release Version: H3C S7506E-6605P03
Patch Version : None
MPU(M) 1:
Uptime is 11 weeks,4 days,18 hours,35 minutes
H3C S7506E MPU(S) with 1 BCM1125H Processor
BOARD TYPE: LSQ1SRP12GB
DRAM: 512M bytes
FLASH: 64M bytes
NVRAM: 512K bytes
PCB 1 Version: VER.B
PCB 2 Version: VER.B
Bootrom Version: 301
CPLD 1 Version: 002
CPLD 2 Version: 003
Release Version: H3C S7506E-6605P03
Patch Version : None
Slot 2 Without Board
Slot 3 Without Board
Slot 4 Without Board
Slot 5 Without Board
Slot 6 Without Board
Slot 7 Without Board
LPU 8:
Uptime is 11 weeks,4 days,18 hours,34 minutes
H3C S7506E LPU with 1 BCM1122 Processor
BOARD TYPE: SRP12GBSLAVE
DRAM: 512M bytes
FLASH: 0M bytes
NVRAM: 0K bytes
PCB 1 Version: NA
Bootware Version: 303
CPLD 1 Version: NA
Release Version: H3C S7506E-6605P03
Patch Version : None
LPU 9:
Uptime is 11 weeks,4 days,18 hours,35 minutes
H3C S7506E LPU with 1 BCM1122 Processor
BOARD TYPE: SRP12GBSLAVE
DRAM: 512M bytes
FLASH: 0M bytes
NVRAM: 0K bytes
PCB 1 Version: NA
Bootware Version: 303
CPLD 1 Version: NA
Release Version: H3C S7506E-6605P03
Patch Version : None
07-15-2015 09:00 PM
Re: How to filter traffic between 2 subnets on the same VLAN
Hi, please confirm whether this could be a firmware problem.
07-15-2015 09:22 PM
Re: How to filter traffic between 2 subnets on the same VLAN
Show us your full config.
Do you have IP routing enabled?