08-28-2009 03:30 PM
routing of Guest vlan out to internet -- and NOT see corp Vlan
We are a full HP network, with over 50 various HP switches in 12 closets, and a 5412zl at the core in the main server room with a spoke / wheel setup. Closets bounce back to the core via trunked 2-10 gig. We have 9 VLANs, all is working great, one VoIP VLAN with QoS, on a wireless N VLAN. All VLANs have their own DHCP server on a separated subnet. From the core it goes to several security DMZ appliances, then out to the net via a Cisco ASA. All is working great. Now the question: I want to create a wireless "guest" VLAN so clients can connect and pass out to the Internet, "not seeing anything at or on the core". Is there a routing command I can set up to say "this VLAN" goes out to the net and cannot see or communicate with any other device on any other VLAN? Currently all VLANs route from the 5412zl core, i.e. I don't want visitors to see our corp LAN. We thought of putting a SonicWall device in the DMZ and bouncing the VLAN to it, but when we do, we can still ping the back corp VLAN. Some advice please. Thanks.
08-30-2009 02:40 AM
Re: routing of Guest vlan out to internet -- and NOT see corp Vlan
Sounds like you just want to put an ACL on the guest VLAN.
You could either have an explicit 'deny' for any traffic to each of the non-guest VLANs (you might be able to summarise this into one line depending on how your address ranges are laid out) and then an 'allow all' for everything else.
You'd have to remember to add in each non-guest VLAN to the ACL when you created a new one.
Alternatively you could lock down the guest VLAN, i.e.:
- allow dhcp to appropriate server
- allow dns
- allow http/https
- (implicit) deny everything else
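
Added example, not part of the reply above: a small first-match ACL model in Python that compares the two approaches the reply describes for traffic entering from the guest VLAN. The subnets, server addresses and probes are constructed assumptions, the model matches on destination only, and it is not ProCurve syntax. It shows the per-VLAN deny list missing a VLAN added later, and the lock-down list still reaching internal web servers unless a deny for internal ranges precedes the HTTP/HTTPS permits.

```python
import ipaddress

# Constructed addressing plan (assumption; the thread gives no subnets).
CORP_VLANS = ["10.1.10.0/24", "10.1.20.0/24"]
DHCP, DNS, ANY = "10.1.10.5/32", "10.1.10.6/32", "0.0.0.0/0"

def rule(action, proto, dst, port=None):
    return (action, proto, ipaddress.ip_network(dst), port)

def evaluate(acl, proto, dst_ip, dst_port):
    """First matching rule wins; no match hits the implicit deny."""
    dst = ipaddress.ip_address(dst_ip)
    for action, r_proto, r_dst, r_port in acl:
        if r_proto in ("ip", proto) and dst in r_dst and r_port in (None, dst_port):
            return action
    return "deny"

def deny_list(blocked):
    """Option 1: explicit deny per non-guest range, then allow all."""
    return [rule("deny", "ip", n) for n in blocked] + [rule("permit", "ip", ANY)]

def lock_down(block_internal):
    """Option 2: allow DHCP, DNS, HTTP/HTTPS; everything else implicitly denied."""
    acl = [rule("permit", "udp", "255.255.255.255/32", 67),  # DHCP broadcast
           rule("permit", "udp", DHCP, 67),                  # DHCP renewals
           rule("permit", "udp", DNS, 53),
           rule("permit", "tcp", DNS, 53)]
    if block_internal:  # without this, the web permits below also match corp servers
        acl.append(rule("deny", "ip", "10.0.0.0/8"))
    return acl + [rule("permit", "tcp", ANY, 80), rule("permit", "tcp", ANY, 443)]

# Constructed probes: (label, protocol, destination, port)
PROBES = [("internet https", "tcp", "203.0.113.10", 443),
          ("internet ssh", "tcp", "203.0.113.10", 22),
          ("corp intranet https", "tcp", "10.1.20.80", 443),
          ("corp file share", "tcp", "10.1.10.20", 445),
          ("VLAN added later", "tcp", "10.1.30.7", 445),
          ("dns", "udp", "10.1.10.6", 53)]

def audit(acl):
    return {label: evaluate(acl, p, ip, port) for label, p, ip, port in PROBES}

if __name__ == "__main__":
    for name, acl in [("deny per VLAN", deny_list(CORP_VLANS)),
                      ("deny summarised", deny_list(["10.0.0.0/8"])),
                      ("lock-down as listed", lock_down(False)),
                      ("lock-down + internal deny", lock_down(True))]:
        print(name, audit(acl))
```

Note that in this constructed plan the per-VLAN deny list also blocks the guest's DNS server, because it sits inside a denied corp subnet; permits for such services have to come before the denies.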