
Re: VLANS IN V1920

 
JR_Oliveira
Advisor

VLANS IN V1920

Hello everyone.

I wonder how I could create the following environment:

Router - Switches A, B, C - VLAN01, VLAN02, VLAN03. Where VLAN01 can communicate with all printers, VLAN02 only with printer B and VLAN03 does not connect to any printer. Could anyone help me with this?

Ian Vaughan
Honored Contributor

Re: VLANS IN V1920

Howdy,

Just my opinion - I'm sure others will have different ideas...

I would create a new VLAN - say VLAN4 - and put the printers in it

If one of the switches is doing the L3 switching / routing I would also put the upstream router in its own small "transit" WAN access network - say VLAN 5 - with its own IP address range for its LAN port to live in (this could be a mini network with a /28 or 255.255.255.240 netmask).  

Access control lists are generally applied as close to source as possible - in other words on the originating L3 interface but seeing as you are only looking to "defend" the printer network it might be worth switching the usual logic around and having a source address filter applied "outbound" on the VLAN 4 Layer 3 interface if that were all that you wanted to do.

If we were filtering on the individual VLANs as the traffic came into the switch the logic would be something like as follows:

VLAN 1 subnet gets access to printer network (4) and router / WAN network (5)

VLAN 2 subnet allowed to access WAN (5), Printer B address is allowed (with an ACL rule including the host wildcard of 255.255.255.255) but rules deny the rest of the printer subnet (wildcard say of 0.0.0.255 if it is a 24 bit network address)

VLAN 3 allowed WAN access (5) but denied access to anywhere on local LAN

Each host VLAN would then need a packet-filter applied inbound on the respective L3 interface.  

If you offer up some sample IP address ranges it might become clearer.

Are you configuring this rule set through the Web GUI? I am more familiar with doing ACLs at the CLI.

ACLs based on destination are usually called "extended" ACLs and are configured in the 3000-3999 range of ACL IDs.

Hope that gives you some ideas (please give kudos if it does)

thanks

Ian

 

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
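
The per-VLAN inbound filter logic described in the reply above, modelled as an added example that is not part of any post in this thread and is not switch configuration. All address ranges are constructed, destinations are written as CIDR prefixes rather than device wildcard masks, and the model assumes rules are evaluated in the listed order with the first match deciding.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: none of these ranges appear in the thread.
VLAN1 = ip_network("192.168.1.0/24")
VLAN2 = ip_network("192.168.2.0/24")
VLAN3 = ip_network("192.168.3.0/24")
PRINTERS = ip_network("192.168.4.0/24")    # VLAN 4, printer network
TRANSIT = ip_network("192.168.5.0/28")     # VLAN 5, router / WAN transit
PRINTER_B = ip_network("192.168.4.11/32")  # single host
LOCAL_LAN = ip_network("192.168.0.0/16")   # every internal subnet
ANY = ip_network("0.0.0.0/0")

# One inbound filter per host VLAN L3 interface, rules in evaluation order.
# Assumptions: destinations outside LOCAL_LAN count as WAN traffic, and
# traffic between the user VLANs (not discussed in the thread) is denied.
ACLS = {
    VLAN1: [("permit", PRINTERS), ("permit", TRANSIT),
            ("deny", LOCAL_LAN), ("permit", ANY)],
    VLAN2: [("permit", PRINTER_B), ("deny", PRINTERS), ("permit", TRANSIT),
            ("deny", LOCAL_LAN), ("permit", ANY)],
    VLAN3: [("permit", TRANSIT), ("deny", LOCAL_LAN), ("permit", ANY)],
}

def evaluate(rules, dst):
    """Return the action of the first rule whose network contains dst."""
    d = ip_address(dst)
    for action, net in rules:
        if d in net:
            return action
    return "deny"  # assumed default for this model when nothing matches

def decide(src, dst):
    """Pick the filter for the source VLAN and evaluate dst against it."""
    s = ip_address(src)
    for vlan, rules in ACLS.items():
        if s in vlan:
            return evaluate(rules, dst)
    raise ValueError(f"{src} is not in a filtered VLAN")

if __name__ == "__main__":
    for src, dst in [("192.168.1.10", "192.168.4.10"),
                     ("192.168.2.10", "192.168.4.11"),
                     ("192.168.2.10", "192.168.4.10"),
                     ("192.168.3.10", "192.168.4.11"),
                     ("192.168.3.10", "203.0.113.5")]:
        print(f"{src} -> {dst}: {decide(src, dst)}")
    # Rule order matters: with the subnet deny first, printer B is blocked too.
    print(evaluate([("deny", PRINTERS), ("permit", PRINTER_B)], "192.168.4.11"))
```

Running a table of expected source/destination pairs through a model like this before touching the switch gives a checklist to re-test with real pings and print jobs after the filters are applied.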
JR_Oliveira
Advisor

Re: VLANS IN V1920

Hello Ian, yes, very good, I like your idea. However, I do not know how to do this, and maybe I'm not understanding you completely. I am Brazilian, I speak little English, and translations are always bad. Do you understand me? Anyway, on my network I have 1 router, 2 V1920 switches and 1 more V1910. I'm trying to increase network security and at the same time reduce the "broadcasts" to get better performance. With that aim, would it be good practice to create VLANs and segment correctly? So I understood that if I have 3 or 4 VLANs and put ADM in one, production in another, WIFI in another and printers in another, I could already improve the environment. Right? Do you understand me? Yes, I'm using the web interface. Thank you