HPE 1620 VLAN: how to have 1 port visible to all VLANs

Occasional Collector

I have an HPE 1620 switch connected to an Internet router and various clients. I would like to have the clients on separate VLANs, so they don't "see" each other, but all should have access to the port on which the router is connected.

I tried many different configurations, but none seem to achieve this result. Either the machines have no access to the router, or they all have access to each other, probably because they are members of their own VLAN but also of the VLAN ID 1 used for the router port.

How can I achieve this seemingly simple configuration?


Honored Contributor

Re: HPE 1620 VLAN: how to have 1 port visible to all VLANs

First, check to see if the 1620 supports private VLANs, or port isolation. Probably not, but check.

Failing that, you have two choices:
1. If your switch supports routing, then each of your client VLANs has its default gateway on its VLAN interface on the switch. You then need another VLAN which will be the point-to-point link to the router. The switch needs a default route pointing at the router and the router needs routes for each of your internal subnets pointing at the switch.
2. You trunk all VLANs to the router and the router has a VLAN or subinterface for each VLAN which has the IP address that is the default GW for each VLAN.

Frankly, I would guess that neither of your devices has the capabilities you require to make this work.

Occasional Collector

Re: HPE 1620 VLAN: how to have 1 port visible to all VLANs

It turns out that it is possible, even though the 1620 is not a Layer 3 switch. This is how I did it:

Port 1: Internet router
Ports 3, 5, 7, ..., 23 (top row): Normal switch VLAN ID 1. Has access to switch config.
Ports 2, 4, 6, ..., 24 (bottom row): Clients VLAN IDs 1, [own], 100. Can only access Internet. No access to switch config.

Network->VLAN->Select VLAN :

ID   Description  Untagged Membership     Tagged Membership
1    VLAN 0001    GE1/0/1-GE1/0/24
2    VLAN 0002    GE1/0/2
4    VLAN 0004    GE1/0/4
24   VLAN 0024    GE1/0/24
100  VLAN 0100    GE1/0/1-GE1/0/2, GE1/0/4, GE1/0/6, GE1/0/8, GE1/0/10, GE1/0/12, GE1/0/14, GE1/0/16, GE1/0/18, GE1/0/20, GE1/0/22, GE1/0/24

Network->VLAN->Port Detail :

Port      Untagged Membership                    Tagged Membership  Link Type  PVID
GE1/0/1   1-2,4,6,8,10,12,14,16,18,20,22,24,100                     Hybrid     1
GE1/0/3   1                                                         Access     1
GE1/0/5   1                                                         Access     1
GE1/0/21  1                                                         Access     1
GE1/0/23  1                                                         Access     1
GE1/0/2   1-2,100                                                   Hybrid     2
GE1/0/4   1,4,100                                                   Hybrid     4
GE1/0/6   1,6,100                                                   Hybrid     6
...
GE1/0/22  1,22,100                                                  Hybrid     22
GE1/0/24  1,24,100                                                  Hybrid     24


I actually did it by editing a saved startup.cfg file. Here are the relevant parts in the file:

vlan 1
vlan 2
vlan 4
vlan 6

vlan 24
vlan 100

interface Vlan-interface1
 ip address 
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid vlan 1 to 2 4 6 8 10 12 14 16 18 20 untagged
 port hybrid vlan 22 24 100 untagged
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid vlan 1 to 2 100 untagged
 port hybrid pvid vlan 2
interface GigabitEthernet1/0/4
 port link-type hybrid
 port hybrid vlan 1 4 100 untagged
 port hybrid pvid vlan 4

interface GigabitEthernet1/0/24
 port link-type hybrid
 port hybrid vlan 1 24 100 untagged
 port hybrid pvid vlan 24
interface GigabitEthernet1/0/3
interface GigabitEthernet1/0/5

interface GigabitEthernet1/0/23
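
A way to check the isolation this configuration is meant to give, as an added example that is not part of the original post: it parses the interface stanzas shown above and tests which port pairs can exchange untagged frames in both directions. It assumes a simplified 802.1Q model (an untagged frame is classified into the ingress port's PVID and is delivered only to ports that carry that VLAN) and that a bare interface is an access port in VLAN 1; the function names are hypothetical.

```python
import re

# Interface stanzas copied from the post (ports 1, 2, 4 and 3 only).
CONFIG = """\
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid vlan 1 to 2 4 6 8 10 12 14 16 18 20 untagged
 port hybrid vlan 22 24 100 untagged
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid vlan 1 to 2 100 untagged
 port hybrid pvid vlan 2
interface GigabitEthernet1/0/4
 port link-type hybrid
 port hybrid vlan 1 4 100 untagged
 port hybrid pvid vlan 4
interface GigabitEthernet1/0/3
"""

def expand(text):
    """Expand a VLAN list such as '1 to 2 100' into {1, 2, 100}."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", text):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse(cfg):
    """Return {port: {'pvid': int, 'vlans': set}}; assumed default is PVID 1, VLAN 1."""
    ports, cur = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"interface GigabitEthernet1/0/(\d+)$", line):
            cur = ports.setdefault(int(m.group(1)), {"pvid": 1, "vlans": {1}})
        elif cur and (m := re.match(r"port hybrid pvid vlan (\d+)$", line)):
            cur["pvid"] = int(m.group(1))
        elif cur and (m := re.match(r"port hybrid vlan (.+) untagged$", line)):
            cur["vlans"] |= expand(m.group(1))
    return ports

def delivers(ports, src, dst):
    """True if an untagged frame entering src (classified into src's PVID) can leave dst."""
    return ports[src]["pvid"] in ports[dst]["vlans"]

def two_way(ports, a, b):
    """True only if frames can flow a->b and b->a, which a normal IP session needs."""
    return delivers(ports, a, b) and delivers(ports, b, a)

PORTS = parse(CONFIG)
print({(a, b): two_way(PORTS, a, b) for a in PORTS for b in PORTS if a < b})
```

In this model, frames from VLAN 1 ports (the router and the top-row ports) are still delivered one way to every client port, because each client port is an untagged member of VLAN 1; only the return path is blocked.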