HPE Community
Switches, Hubs, and Modems
1753447 Members
5028 Online
108794 Solutions
New Discussion юеВ

Re: Vlan access control

 
joseph2517
New Member

тАО02-26-2011 10:14 PM

тАО02-26-2011 10:14 PM

Vlan access control

I have 4 vlan in the switches.now i have enabled ip routing in the core switch. in total there are 8 switches, all in mgmt vlan 300 with ip range 192.168.6.X/24. now I want to install the HP management software in a PC that is in vlan 200(ip-192.168.5.X). how can i access the switches from this machine. and also i want to deny the access of all other valn's to vlan 200 & 300.basically i need the access b/w vlan 200 and 300.the other vlan's are one for guest and the other for voice. pleae tell me how I can do this.
0 Kudos
3 REPLIES 3
mwiche
Occasional Advisor

тАО02-28-2011 11:39 PM

тАО02-28-2011 11:39 PM

Re: Vlan access control

hi joseph,
what problem do you have? I don't understand your final question. Do you have routing problems?
If you have, then remind that you have to bringt up min. one interface in a vlan to get routing for this vlan active. For access control you can create access-lists by using this commands:

ip access-list extended|standard nameOfList

now you can add enttries to the created access list like this:

deny|allow ip|tcp|udp sourceNet destNet [eq port]

Note! At thend of every access-list there is an implicit deny. If you want to negotiate this your last entry should be an

allow any any

The last step is to assign the access-list to the needed ports using this command in interface context:

access-group nameOfACL in

thats it!
good luck.

For more information look to the advanced traffic management guide for your device. You can download it in the support section.


0 Kudos
mwiche
Occasional Advisor

тАО03-01-2011 02:16 AM

тАО03-01-2011 02:16 AM

Re: Vlan access control

hi joseph,

the right syntax is permit instead of allow.
sorry.

markus
0 Kudos
Pieter 't Hart
Honored Contributor

тАО03-03-2011 02:46 AM

тАО03-03-2011 02:46 AM

Re: Vlan access control

Hi Joseph,

when you declare one vlan the management vlan, the switch will NOT route this vlan to other networks.

so your management station should also be on the management vlan!

From the management&config guide:

Access to this VLAN, and to the switch├в s management functions (Menu, CLI, and web browser interface) is available only through ports configured as members.
...
├в   Only traffic from the Management VLAN can manage the switch, which means that only the workstations and PCs connected to ports belonging to the Management VLAN can manage and reconfigure the switch.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.