07-08-2017 11:05 AM
I have an HPE 1620 switch connected to an Internet router and various clients. I would like to have the clients on separate VLANs, so they don't "see" each other, but all should have access to the port on which the router is connected.
I tried many different configurations, but none seem to achieve this result. Either the machines have no access to the router, or they all have access to each other probably because they are members of their own VLAN but also of the VLAN ID 1 used for the router port.
How can I achieve this seemingly simple configuration?
07-09-2017 10:20 PM
Re: HPE 1620 VLAN: how to have 1 port visible to all VLANs
First, check to see if the 1620 supports private VLANs, or port isolation. Probably not, but check.
Failing that, you have two choices:
1. If your switch supports routing, then each of your client VLANs has its default gateway on its VLAN interface on the switch. You then need another VLAN which will be the point to point link to the router. The switch needs a default route pointing at the router and the router needs routes for each of your internal subnets pointing at the switch.
2. You trunk all VLANs to the router and the router has a VLAN or sub interface for each VLAN which has the IP address that is the default GW for each VLAN.
Frankly, I would guess that neither of your devices has the capabilities you require to make this work.
07-12-2017 03:00 AM - edited 07-12-2017 03:25 AM
Solution
It turns out that it is possible, even though the 1620 is not a layer3 switch. This is how I did it:
Port 1: Internet router
Ports 3, 5, 7, ..., 23 (top row): Normal switch VLAN ID 1. Has access to switch config.
Ports 2, 4, 6, ..., 24 (bottom row): Clients VLAN IDs 1, [own], 100. Can only access Internet. No access to switch config.
Network->VLAN->Select VLAN :
    ID   Description  Untagged Membership  Tagged Membership
    1    VLAN 0001    GE1/0/1-GE1/0/24
    2    VLAN 0002    GE1/0/2
    4    VLAN 0004    GE1/0/4
    ...
    24   VLAN 0024    GE1/0/24
    100  VLAN 0100    GE1/0/1-GE1/0/2, GE1/0/4, GE1/0/6, GE1/0/8, GE1/0/10, GE1/0/12, GE1/0/14, GE1/0/16, GE1/0/18, GE1/0/20, GE1/0/22, GE1/0/24
Network->VLAN->Port Detail :
    Port      Untagged Membership                     Tagged Membership  Link Type  PVID
    GE1/0/1   1-2,4,6,8,10,12,14,16,18,20,22,24,100                      Hybrid     1
    GE1/0/3   1                                                          Access     1
    GE1/0/5   1                                                          Access     1
    ...
    GE1/0/21  1                                                          Access     1
    GE1/0/23  1                                                          Access     1
    GE1/0/2   1-2,100                                                    Hybrid     2
    GE1/0/4   1,4,100                                                    Hybrid     4
    GE1/0/6   1,6,100                                                    Hybrid     6
    ...
    GE1/0/22  1,22,100                                                   Hybrid     22
    GE1/0/24  1,24,100                                                   Hybrid     24
I actually did it by editing a saved startup.cfg file. Here are the relevant parts in the file:
    vlan 1
    #
    vlan 2
    #
    vlan 4
    #
    vlan 6
    #...
    vlan 24
    #
    vlan 100
    #...
    #
    interface Vlan-interface1
     ip address 192.168.1.102 255.255.255.0
    #
    interface GigabitEthernet1/0/1
     port link-type hybrid
     port hybrid vlan 1 to 2 4 6 8 10 12 14 16 18 20 untagged
     port hybrid vlan 22 24 100 untagged
    #
    interface GigabitEthernet1/0/2
     port link-type hybrid
     port hybrid vlan 1 to 2 100 untagged
     port hybrid pvid vlan 2
    #
    interface GigabitEthernet1/0/4
     port link-type hybrid
     port hybrid vlan 1 4 100 untagged
     port hybrid pvid vlan 4
    #...
    interface GigabitEthernet1/0/24
     port link-type hybrid
     port hybrid vlan 1 24 100 untagged
     port hybrid pvid vlan 24
    #
    interface GigabitEthernet1/0/3
    #
    interface GigabitEthernet1/0/5
    #...
    interface GigabitEthernet1/0/23
    #...
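The following is an added example, not part of the original post or of any HPE tooling: a Python check that reads hybrid-port lines in the style of the startup.cfg above and reports which ports can exchange untagged frames in both directions. It assumes a simplified model (ingress classification by PVID, egress by untagged VLAN membership, no MAC learning or tagged frames); the function names and the four-port sample config are constructed for illustration.

```python
import re

# Constructed sample in the post's startup.cfg style: router (1), clients (2, 4), plain port (3).
SAMPLE_CFG = """\
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid vlan 1 to 2 4 100 untagged
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 port hybrid vlan 1 to 2 100 untagged
 port hybrid pvid vlan 2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
 port link-type hybrid
 port hybrid vlan 1 4 100 untagged
 port hybrid pvid vlan 4
"""

def expand(spec):
    """Expand a VLAN list such as '1 to 2 100' into {1, 2, 100}."""
    vlans = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", spec):
        vlans |= set(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(cfg):
    """Return {port: [pvid, untagged_vlans]}; a port with no settings is PVID 1, VLAN 1."""
    ports, cur = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"interface GigabitEthernet1/0/(\d+)$", line):
            cur = int(m.group(1))
            ports[cur] = [1, {1}]
        elif cur and (m := re.match(r"port hybrid pvid vlan (\d+)$", line)):
            ports[cur][0] = int(m.group(1))
        elif cur and (m := re.match(r"port hybrid vlan (.+) untagged$", line)):
            ports[cur][1] |= expand(m.group(1))
    return ports

def can_send(ports, src, dst):
    """An untagged frame entering src is put in src's PVID; it may leave dst only if dst is in that VLAN."""
    pvid = ports[src][0]
    return src != dst and pvid in ports[src][1] and pvid in ports[dst][1]

def two_way(ports, a, b):
    """Hosts can only converse if frames pass in both directions."""
    return can_send(ports, a, b) and can_send(ports, b, a)

if __name__ == "__main__":
    ports = parse_ports(SAMPLE_CFG)
    for a, b in [(2, 1), (4, 1), (2, 4), (2, 3)]:
        print(f"port {a} <-> port {b}: {'open' if two_way(ports, a, b) else 'isolated'}")
```

In this model `can_send(ports, 3, 2)` is true while the reverse is false: because the client ports stay untagged members of VLAN 1, frames from VLAN 1 ports (broadcasts included) still egress on client ports, and only the client-to-VLAN-1 direction is blocked.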