- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Web and Unmanaged
- >
- Re: VLANS IN V1920
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-22-2016 07:11 AM
тАО08-22-2016 07:11 AM
VLANS IN V1920
Hello everyone.
I wonder how could create the following environment:
Router - Switches A, B , C - VLAN01 , VLAN02 , VLAN03 . Where VLAN01 can communicate with all printers, VLAN02 only with printer B and VLAN03 does not connect to any printer. Could anyone help me with this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-22-2016 11:53 AM
тАО08-22-2016 11:53 AM
Re: VLANS IN V1920
Howdy,
Just my opinion - I'm sure others will have different ideas...
I would create a new VLAN - say VLAN4 - and put the printers in it
If one of the switches is doing the L3 switching / routing I would also put the upstream router in its own small "transit" WAN access network - say VLAN 5 - with its own IP address range for its LAN port to live in (this could be a mini network with a /28 or 255.255.255.240 netmask).
Access contol lists are generally applied as close to source as possible - in other words on the originating L3 interface but seeing as you are only looking to "defend" the printer network it might be worth switching the usual logic around and having a source address filter applied "outbound" on the Vlan4 Layer 3 interface if that were all that you wanted to do.
If we were filtering on the individual VLANs as the traffic came into the switch the logic would be something like as follows:
VLAN 1 subnet gets access to printer network (4) and router / WAN network (5)
VLAN 2 subnet allowed to access WAN (5) , Printer B address is allowed (with an ACL rule including the host wildcard of 255.255.255.255) but rules deny the rest of the printer subnet (wildcard say of 0.0.0.255 if it is a 24 bit network address)
Vlan 3 allowed WAN access (5) but denied access to anywhere on local LAN
Each host VLAN would then need a packet-filter applied inbound on the respective L3 interface.
If you offer up some sample IP address ranges it might become clearer.
Are you configuring this rule set through the Web GUI? I am more familiar with doing ACLs at the CLI.
ACLs based on destination are usually called "extended" ACLs and are configured in the 3000-3999 range of ACL ID's.
Hope that gives you some ideas (please give kudos if it does)
thanks
Ian
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-25-2016 05:13 AM
тАО08-25-2016 05:13 AM
Re: VLANS IN V1920
Hello Ian , yes very good like your idea of it. However I do not know how to do this and maybe I'm not understanding you completely . I am Brazilian speak little English and translations are always bad . You understand me? But come on , I'm on my network router 1 , 2 Switches V1920 and V1910 1 more . I want I'm trying to increase network security and at the same time reduce the " broadcasts " to have a better performance. Aiming it would be a good practice to create VLANs and correct seguimentar ? So I understood that if I have 3 or 4 VLANs and put ADM in one production to another , WIFI and other printers in another , I could already improve the environment. Right? You understand me? Yes, I'm using the web interface. Thank you