Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Traffic/security Filters on 2600 Series

Klaus Lamprecht
Occasional Visitor

Traffic/security Filters on 2600 Series

in the access-security guide chapter 10, page 10-2 i am reading:

>If you configure multinetting within a VLAN >and enable routing on the switch, you can use >source-port filtering to filter traffic >between subnets within the same VLAN.

that is exactly that what i want to do

here is the Config

ip routing
vlan 1
name "Vlan1 "
untagged 1-26
ip address 192.168.2.20 255.255.255.0
ip address 10.0.0.1 255.255.255.0
exit
filter source-port "11" drop 19
filter source-port "19" drop 11

but:
Client (192.168.2.100) on port 11
can still ping
Client (10.0.0.100) on port 19

3 REPLIES
Matt Hobbs
Honored Contributor

Re: Traffic/security Filters on 2600 Series

Unfortunately there is a limitation when it comes to the 2600 and source-port filters when routing is enabled. I haven't tried it when multinetting but I have come across this problem when the clients are on different VLANs.

Do you have another type of switch you can test with? I believe just about any other model ProCurve that supports source-port filtering will achieve what you're after.
Klaus Lamprecht
Occasional Visitor

Re: Traffic/security Filters on 2600 Series

thanks for reply
sure 53xx, 35xx, 54xx will work - also better with ACL, but there is a cost limitation at the actual project so the 26xx was choosen also due to the statement in manual above..
Matt Hobbs
Honored Contributor

Re: Traffic/security Filters on 2600 Series

In that case, I'd recommend you contact HP about this to work out a suitable solution.

Don't forget to assign points to any replies you receive.