
Re: HPE 1620 VLAN: how to have 1 port visible to all VLANs

 
Albert25
Occasional Contributor

HPE 1620 VLAN: how to have 1 port visible to all VLANs

I have an HPE 1620 switch connected to an Internet router and various clients. I would like to have the clients on separate VLANs, so they don't "see" each other, but all should have access to the port on which the router is connected.

I tried many different configurations, but none seem to achieve this result. Either the machines have no access to the router, or they all have access to each other, probably because they are members of their own VLAN but also of the VLAN ID 1 used for the router port.

How can I achieve this seemingly simple configuration?

Thanks

Vince-Whirlwind
Honored Contributor

Re: HPE 1620 VLAN: how to have 1 port visible to all VLANs

First, check to see if the 1620 supports private VLANs, or port isolation. Probably not, but check.

Failing that, you have two choices:
1. If your switch supports routing, then each of your client VLANs has its default gateway on its VLAN interface on the switch. You then need another VLAN which will be the point-to-point link to the router. The switch needs a default route pointing at the router and the router needs routes for each of your internal subnets pointing at the switch.
2. You trunk all VLANs to the router and the router has a VLAN or sub interface for each VLAN which has the IP address that is the default GW for each VLAN.

Frankly, I would guess that neither of your devices has the capabilities you require to make this work.

Albert25
Occasional Contributor
Solution

Re: HPE 1620 VLAN: how to have 1 port visible to all VLANs

It turns out that it is possible, even though the 1620 is not a Layer 3 switch. This is how I did it:

Port 1: Internet router
Ports 3, 5, 7, ..., 23 (top row): Normal switch VLAN ID 1. Has access to switch config.
Ports 2, 4, 6, ..., 24 (bottom row): Clients VLAN IDs 1, [own], 100. Can only access Internet. No access to switch config.

Network->VLAN->Select VLAN :

ID   Description  Untagged Membership     Tagged Membership
1    VLAN 0001    GE1/0/1-GE1/0/24
2    VLAN 0002    GE1/0/2
4    VLAN 0004    GE1/0/4
...
24   VLAN 0024    GE1/0/24
100  VLAN 0100    GE1/0/1-GE1/0/2, GE1/0/4, GE1/0/6, GE1/0/8, GE1/0/10, GE1/0/12, GE1/0/14, GE1/0/16, GE1/0/18, GE1/0/20, GE1/0/22, GE1/0/24

Network->VLAN->Port Detail :

Port      Untagged Membership                     Tagged Membership  Link Type  PVID
GE1/0/1   1-2,4,6,8,10,12,14,16,18,20,22,24,100                      Hybrid     1
GE1/0/3   1                                                          Access     1
GE1/0/5   1                                                          Access     1
...
GE1/0/21  1                                                          Access     1
GE1/0/23  1                                                          Access     1
GE1/0/2   1-2,100                                                    Hybrid     2
GE1/0/4   1,4,100                                                    Hybrid     4
GE1/0/6   1,6,100                                                    Hybrid     6
...
GE1/0/22  1,22,100                                                   Hybrid     22
GE1/0/24  1,24,100                                                   Hybrid     24

 

I actually did it by editing a saved startup.cfg file. Here are the relevant parts in the file:

vlan 1
#
vlan 2
#
vlan 4
#
vlan 6
#...

vlan 24
#
vlan 100
#...

#
interface Vlan-interface1
 ip address 192.168.1.102 255.255.255.0 
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid vlan 1 to 2 4 6 8 10 12 14 16 18 20 untagged
 port hybrid vlan 22 24 100 untagged
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid vlan 1 to 2 100 untagged
 port hybrid pvid vlan 2
#
interface GigabitEthernet1/0/4
 port link-type hybrid
 port hybrid vlan 1 4 100 untagged
 port hybrid pvid vlan 4
#...

interface GigabitEthernet1/0/24
 port link-type hybrid
 port hybrid vlan 1 24 100 untagged
 port hybrid pvid vlan 24
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/5
#...

interface GigabitEthernet1/0/23
#...