
Re: intervlan and control with 4204vl

 
SOLVED
liquideshark
Advisor

intervlan and control with 4204vl

Hi, I want to realise this platform with a 4204vl:

Vlan 2,3,4 <====communication====> vlan7 (internet)
Vlan 2,3,4 <====communication====> vlan8 (services)
Vlan5 <====communication====> vlan8 (services)
and inter-VLAN traffic between VLANs 2, 3, 4, 5 not allowed

Is it possible to realise this architecture with my switch?

Thank you
cenk sasmaztin
Honored Contributor
Solution

Re: intervlan and control with 4204vl

Yes, it's possible.

General solution:
Many people use ACLs to permit or deny connections between VLANs. The switch must have the ACL feature, but the 4204 switch does not support ACLs.

My solution:
source port filter (very easy)

Source port filter is an L2 security feature.
It denies or permits traffic between ports.
If you use static VLANs on the switch, each VLAN must have member ports on the switch.
For example:
vlan 2 untag port a1,a2,a3
vlan 3 untag port a4,a5,a6.........

You can manage communication between ports or port groups.

For example:

(config)# filter source-port a1 drop a4-a6
With this command, interface a1 is unable to connect to interfaces a4, a5, a6.



cenk

liquideshark
Advisor

Re: intervlan and control with 4204vl

Hi, thank you for your reply,

For example, in my illustration I have 2 L2 2810 switches, with VLAN 4 (192.168.4.1) and VLAN 5 (192.168.5.1) tagged on A1 on my 4204vl [VLAN 4 (192.168.4.2), VLAN 5 (192.168.5.2)].

VLANs 4 and 5 can access internet and services.

So how, with [(config)# filter source-port ], can I deny traffic between VLANs 4 and 5, for example?

Look at the attached illustration.
cenk sasmaztin
Honored Contributor

Re: intervlan and control with 4204vl

Can I see the sh run output of each switch?

Please send it to me.
cenk

cenk sasmaztin
Honored Contributor

Re: intervlan and control with 4204vl

Why use another switch for the connection between the 4200 and the 2810?

If you can connect the two 2810 switches directly to different uplink ports on the 4200 switch,
we can use the source port filter feature.
cenk

liquideshark
Advisor

Re: intervlan and control with 4204vl

The thing is, there are more than 2 L2 switches, and they are located in different places, all connected by wireless and concentrated to one port, A1, of the L3 4204.
cenk sasmaztin
Honored Contributor

Re: intervlan and control with 4204vl

In your config, two 2810 switches connect to one port on the 4200 switch, this port carries two VLANs (with 802.1q), and you want to deny traffic between the two VLANs.

In this case, don't configure source port filter.

Source port filter can permit or deny communication between ports.

You must purchase a switch with the ACL feature,
for example:
5400
3500
3400
2610
cenk

liquideshark
Advisor

Re: intervlan and control with 4204vl

OK, I see :(

I read about port trunking on this page:
http://www.queret.net/blog/post/2008/02/07/111-linux-debian-configuration-de-vlan-ieee-8021q

Is it possible to do trunking with the HP ProCurve 4204? Like all my VLANs trunked on one port and a Linux box with virtual VLANs connected to it, so I can do routing.

See here too:

http://img442.imageshack.us/img442/487/sanstitrejs7.png

Thanks again for your help :)



liquideshark
Advisor

Re: intervlan and control with 4204vl

cenk sasmaztin
Honored Contributor

Re: intervlan and control with 4204vl

The term trunk varies by vendor.

As far as Cisco is concerned, trunk: carries all VLAN traffic on the same port.

As far as HP is concerned, trunk: link aggregation, same as LACP.

Yes, it is possible; the 4200 switch is able to trunk.

You can aggregate two, four, or eight ports on the switch for switch-to-switch connections or server teaming connections.
cenk