Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN isolation

Tate Harmann
Occasional Visitor

VLAN isolation

Hello,
I'm using a 5412zl and I would like to configure a vlan to act as a complete seperate switch with it's own mac database. Is this possible? I have ports A1-A5 configured as an untagged vlan 2, the rest of the switch ports are in the default vlan 1. The devices in vlan 2 connect to a wan optimization device which connects back to vlan 1. This device doesn't route traffic, it basically just passes packets through after optimizing what it can. All devices on vlan 1 and 2 are in the same subnet...the problem is that devices in vlan 2 get their mac addresses added twice into the switch's main mac database, once from the port the device is connected to in vlan 2 and again from the port of the wan optimizer that's plugged into vlan 1. This creates some unique problems. It works fine when I use another switch and plug everything from vlan 2 into it and then uplink it to the 5412zl, but I would like to do everything in one switch if possible. Any suggestions are welcome.

Thanks,
Tate
2 REPLIES
Tate Harmann
Occasional Visitor

Re: VLAN isolation

I found this in the vlan documentation:
Single Forwarding Database Operation
When a packet arrives with a destination MAC address that matches a MAC
address in the switchâ s forwarding table, the switch tries to send the packet
to the port listed for that MAC address. But, if the destination port is in a
different VLAN than the VLAN on which the packet was received, the switch
drops the packet. This is not a problem for a switch with a multiple forwarding
database (refer to table 2-6, above) because the switch allows multiple
instances of a given MAC address; one for each valid destination.

It doesn't seem to work that way though. Is there something I have to enable?

Thanks,
Tate
Bruce Campbell_3
Valued Contributor

Re: VLAN isolation


If the 5412zl has an IP address on vlan 1
or vlan 2, then what you describe won't work, due to
something odd, I have details here:

https://strobe.uwaterloo.ca/~twiki/bin/view/ISTNS/ProcurveL2L3Table

and have reported to HP.

If the 5412zl has no IP address on either vlan
1 or vlan 2, it should work.

Bruce Campbell
Director, Network Services
Information Systems and Technology
MC 1018
(519)888-4567 x38323
University of Waterloo, Waterloo, ON