HPE Community
Web and Unmanaged
1752648 Members
5621 Online
108788 Solutions
New Discussion юеВ

Isolate VLAN - 1910 - 500

 
it_ejvnior
Frequent Advisor

тАО04-04-2016 03:04 PM

тАО04-04-2016 03:04 PM

Isolate VLAN - 1910 - 500

Hi.

I would like to know how I can isolate a specific vlan from the other vlans without using an ACL to deny the traffic?

Denying the traffic through an ACL works but I would like to do the inverse. Isolate the vlan 202 and only permit through ACL the UDP because the DHCP service and the traffic to the firewall.

The access switches are 1910 and the core 5500 HI.

Thanks in advance.

0 Kudos
2 REPLIES 2
16again
Respected Contributor

тАО04-04-2016 11:53 PM

тАО04-04-2016 11:53 PM

Re: Isolate VLAN - 1910 - 500

If  VLAN202 has a L3 interface on the switches, you do need ACL on the L3 switch. 
And for DHCP (relay) you need a L3 interface....

But if you move DHCP (relay) function to the firewall,  you can make VLAN202 L2 only on the switches, giving you isolation without switch ACLs.

0 Kudos
it_ejvnior
Frequent Advisor

тАО04-05-2016 04:11 AM

тАО04-05-2016 04:11 AM

Re: Isolate VLAN - 1910 - 500

All switches uses the DHCP relay function.

So, the best way to block the inbound traffic from vlan 202 to 1 is denying the traffic through an ACL?

Thanks in advance.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.