vlan to vlan acls
03-24-2007 01:58 PM
based on the specs, seems the 3400cl will do so:
http://h10010.www1.hp.com/wwpc/uk/en/sm/WF06b/23591-23599-23599-23599-12086666-12086690-18940243.html
but wanted to hear it from a horse's mouth: do you/have you routed between vlans on a 3400cl? (ie: we have several vlans on campus and want to move data from specific nodes in the existing vlans into another vlan (backup to disk servers), but don't want to just open up all ports/full routing)
so a true acl between the vlans is what we need.
thoughts?
03-24-2007 03:34 PM
Solution
To control the traffic on a Routing Switch, you simply need ACLs on ProCurve Switches.
Of course there are many ways to do that, but the standard way is the ACLs.
On the 2800 you can't do it, but you can on the 3400.
There are other security methods that may help, like Source Port Filtering, MAC Lockdown ...
The following link has the answers:
ftp://ftp.hp.com/pub/networking/software/6400-5300-4200-3400-Security-Oct2006-59906052-Chap12.pdf
Good Luck !!!
03-24-2007 03:35 PM
Re: vlan to vlan acls
03-24-2007 03:40 PM
Re: vlan to vlan acls
Razmat ....
What you need is a MAC Access-List, which is not available on ProCurve Switches.
You can still use the Source Port Filtering to do that, because controlling the MAC should be through Layer2 not Layer3.
Good luck !!!
03-25-2007 07:33 PM
Re: vlan to vlan acls
Routing is Layer 3 business, whereas MAC addressing is Layer 2 business.
You can stop some MACs showing on some ports of your switch, but you can surely not do routing based on MAC addresses: there is no routing protocol out there that does this.
03-26-2007 03:34 AM
Re: vlan to vlan acls
My dear OLARU, ACLs control L2 up to L4 (as we all know).
AND...
So many vendors use MAC ACLs in some complex scenarios and implement them in Policy Based Routing or even Route Maps, which is L3 (business).
So you can find in many cases OSI layers dancing together in multiple ACLs, and these ACLs are used in complex Route Maps that combine L2 up to L4 :)
Good Luck !!!
03-26-2007 03:56 PM
Re: vlan to vlan acls
from here: http://www.hp.com/rnd/support/manuals/3400cl.htm, specifically here: ftp://ftp.hp.com/pub/networking/software/6400-5300-4200-3400-AdvTrafficMgmt-Oct2006-59906051.pdf
page 10-4 aka: page: 432
"also, acls, qos, and rate limiting share the same per-port mask resources on these switches. for these reasons, the best places to apply acls on the 3400cl/6400cl switches are on "edge" ports where acls are likely to be less complex and resource-intensive than in core network applications where the per-vlan and inbound/outbound acl filtering offered by the 5300xl switches may be the best acl sol'n."
and on 10-13, page 441,
"Note that ACLs do not screen traffic at any internal point where traffic moves between VLANs or subnets within the switch; only on inbound ports and static trunks. Refer to “ACL Inbound Application Points” on page 10-10."
this switch 3400cl if hp or 3560G if cisco is the 'core' of this multi-vlan network, ie: all gigabit to iSCSI disk based backup will go through this switch. we're trying to get specific ports to go from vlan A to vlan B and vlan A to vlan C, and vlan A to vlan D. block B <--> C, etc. and the ports won't always be the same, so a few entries per ACL in both directions, in that some are just disk based backups (hi bandwidth) some may be snmp monitoring of server resources, too. so not high traffic but dropped UDP packets would be bad for false-positives.
comments?
looks like we want the 5300...
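
Added example (not part of the thread and not HP's code): a small Python model of the behaviour quoted from the manual above, where an ACL is checked only on the inbound port and nothing is screened where the switch routes between VLANs. The subnets, port numbers and port layout are constructed for illustration, and first-match evaluation with an implicit deny is assumed; only routed inter-VLAN packets are modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption, not from the thread): one /24 per VLAN.
NET = {v: ip_network(n) for v, n in
       {"A": "10.0.1.0/24", "B": "10.0.2.0/24", "C": "10.0.3.0/24"}.items()}

def ace(action, proto, src, dst, sport=None, dport=None):
    """One access control entry; a port of None means 'any port'."""
    return dict(action=action, proto=proto, src=NET[src], dst=NET[dst],
                sport=sport, dport=dport)

# Stateless ACLs need an entry per direction: request path and reply path.
ACL_A = [ace("permit", "tcp", "A", "B", dport=3260),   # A -> backup target (iSCSI)
         ace("permit", "udp", "A", "C", dport=161)]    # A -> SNMP agents in C
ACL_B = [ace("permit", "tcp", "B", "A", sport=3260)]   # iSCSI replies back to A

def evaluate(acl, p):
    """First matching entry wins; no match falls through to the implicit deny."""
    for e in acl:
        if (e["proto"] == p["proto"]
                and ip_address(p["src"]) in e["src"]
                and ip_address(p["dst"]) in e["dst"]
                and e["sport"] in (None, p["sport"])
                and e["dport"] in (None, p["dport"])):
            return e["action"]
    return "deny"

def forward(port_acls, p):
    """Inbound-port model: the ACL bound to the ingress port is the only check.
    A port with no ACL bound passes everything, including routed traffic."""
    acl = port_acls.get(p["in_port"])
    return "permit" if acl is None else evaluate(acl, p)

def unfiltered_ports(port_vlan, port_acls):
    """Edge ports with no ACL bound, i.e. ports whose traffic is never screened."""
    return sorted(port for port in port_vlan if port not in port_acls)

def packet(in_port, proto, src, dst, sport, dport):
    return dict(in_port=in_port, proto=proto, src=src, dst=dst,
                sport=sport, dport=dport)

# Constructed port layout: ports 1-2 in VLAN A, 9-10 in VLAN B; port 10 was missed.
PORT_VLAN = {1: "A", 2: "A", 9: "B", 10: "B"}
PORT_ACLS = {1: ACL_A, 2: ACL_A, 9: ACL_B}
```

In this model a B-to-C packet is dropped on port 9 but routed on port 10, which is why per-port inbound ACLs only enforce a VLAN-to-VLAN policy if every edge port carries one.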