HPE Community
Switches, Hubs, and Modems
1752805 Members
5553 Online
108789 Solutions
New Discussion юеВ

restrict vlan routing

 
ACL
Occasional Advisor

тАО02-21-2011 04:34 AM

тАО02-21-2011 04:34 AM

restrict vlan routing


I have an HP Procurve E5406(Core) with vlan-10(guest-voice)IP-DHCP, Vlan-100(guest-data)IP-DHCP,vlan-300(switch mgmt)IP-192.168.6.X/24 and vlan-200(admin network)192.168.5.X/24. Now when I enable ip routing all the vlan's are pinking each other. but i want to restrict the access of vlan 10 & 100 to vlan 200 & 300. i need only 200 & 300 to communicate each other.how is it possible? is it possible by creating ACL and how to do ACL in this case?

0 Kudos
5 REPLIES 5
cenk sasmaztin
Honored Contributor

тАО02-21-2011 04:42 PM

тАО02-21-2011 04:42 PM

Re: restrict vlan routing

your config
your vlan unable between routing
because unasign ip address on vlan interface

if you want use acl fristly assign vlan ip address

for example configuration sperate vlan 100 between vlan 1 acl
****************************************
ip access-list standard "10"
10 deny 192.168.2.0 0.0.0.255
20 permit 0.0.0.0 255.255.255.255
exit
vlan 1
name "DEFAULT_VLAN"
ip address 192.168.2.50 255.255.255.0
untagged B21-B24,C1-C24
no untagged A1-A24,B1-B20
exit
vlan 100
name "Guest"
ip address 192.168.3.50 255.255.255.0
untagged A19-A20,B3-B4
tagged B21-B24,C1-C20
ip access-group "10" out
exit
vlan 10
name "Voice"
ip address 192.168.4.50 255.255.255.0
untagged A17-A18,B1-B2
tagged B21-B24,C1-C20
exit
vlan 200
name "Admin"
ip address 192.168.5.50 255.255.255.0
untagged A1-A16,B5-B20
tagged B21-B24,C1-C20
exit
vlan 300
name "Admin_Mgmt"
untagged A21-A24
ip address 192.168.6.50 255.255.255.0
tagged B21-B24,C1-C20
exit
cenk

0 Kudos
ACL
Occasional Advisor

тАО02-21-2011 09:06 PM

тАО02-21-2011 09:06 PM

Re: restrict vlan routing

Thank you..
can you give me a brief about how the ACL in the your example works? will it blocks all the traffic from vlan-100 to the default-vlan_1. also confirm if I have to enable IP routing or not.
0 Kudos
cenk sasmaztin
Honored Contributor

тАО02-22-2011 12:31 AM

тАО02-22-2011 12:31 AM

Re: restrict vlan routing

yes ip routing must be enable
cenk

0 Kudos
ACL
Occasional Advisor

тАО02-26-2011 08:36 PM

тАО02-26-2011 08:36 PM

Re: restrict vlan routing

thank you so much
0 Kudos
ACL
Occasional Advisor

тАО02-26-2011 08:39 PM

тАО02-26-2011 08:39 PM

Re: restrict vlan routing

thanks
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.