HPE Aruba Networking & ProVision-based

Vlan routing hp5400zl

 
out_of_depth
Occasional Contributor

Hi

Probably very basic

Have several VLANs defined.
Vlan1 and the switch have been given an IP of 192.168.1.49
Vlan2,3,4 no IP

Now I need to have vlan1 talk to vlan2. What is the best way to do this?
I have thought for vlan2 to add IP address 192.168.10.1 255.255.255.0

I also want vlan3 to talk to vlan4. Vlan3 and 4 cannot talk to 1 and 2

On vlan 1, do I need to change the IP so it is .1.1 and not .1.49?
I have an ad server on .1.1 but that can be moved

On the vlan I was going to use the command on each vlan "ip rip v1-only"

Hope this makes sense
Chrisd131313
Trusted Contributor

Re: Vlan routing hp5400zl

Hi out_of_depth,

 

First off, if you need to route between VLANs on the switch, you will need to enable IP routing ("ip routing") from the CLI. Then you will need to make sure that you assign an IP address to each VLAN that you want to be able to route from and to. This will then be the default gateway for the devices connected to that VLAN.

If you want specific VLANs to talk to specific VLANs, i.e. VLAN#1 to VLAN#3 but not VLAN#2, you will need to apply ACLs to deny the inter-VLAN traffic.

So, for example, to deny traffic from VLAN#1 (192.168.1.0/24) to VLAN#2 (192.168.2.0/24) you would apply the following ACL...

1. Create the ACL group - "ip access-list standard VLAN1_to_VLAN2_Out"

2. Add the individual entries to the ACL group you just created to deny all traffic from VLAN#1 - "2 deny 192.168.1.0 0.0.0.255"

You can add remarks as well to document each entry in the ACL group - "1 remark Block_VLAN1_traffic"

Exit out once you are done.

3. Apply it to VLAN#2 - "vlan 2 ip access-group VLAN1_to_VLAN2_Out out"

This will prevent any traffic from 192.168.1.0/24 from being sent out on VLAN#2 ports.

You can apply the same principle for each of the VLANs you want specific VLANs to be able to access.

 

You can enable ripv1 if you want, but in the scenario you are talking about there probably isn't much need to do so - but it's up to you.

 

HTH.

-----------------------------------------------------

Don't forget to mark a post resolved if your question was answered.
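
Added example, not part of either post: a ProVision configuration for the policy in the question (VLAN 1 and 2 route to each other, VLAN 3 and 4 route to each other, the two pairs are isolated), built from the routing and ACL steps in the reply. It goes beyond the single deny rule shown there by closing each list with an explicit permit; the VLAN 3 and 4 subnets and both ACL names are assumptions.

```text
; Lines starting with ';' are annotations for the reader, not commands.
; VLAN 1 and 2 addressing is from the question; VLAN 3 and 4 subnets
; and the two ACL names are constructed for this example.
ip routing
vlan 1
   ip address 192.168.1.49 255.255.255.0
   exit
vlan 2
   ip address 192.168.10.1 255.255.255.0
   exit
vlan 3
   ip address 192.168.30.1 255.255.255.0
   exit
vlan 4
   ip address 192.168.40.1 255.255.255.0
   exit
; Standard ACLs match on source address only, first match wins.
; Every ACL ends with an implicit "deny any", so a list holding only
; deny entries drops all routed traffic where it is applied. The
; closing "permit any" keeps the allowed VLAN pair working.
ip access-list standard "NO_V3_V4"
   10 deny 192.168.30.0 0.0.0.255
   20 deny 192.168.40.0 0.0.0.255
   30 permit any
   exit
ip access-list standard "NO_V1_V2"
   10 deny 192.168.1.0 0.0.0.255
   20 deny 192.168.10.0 0.0.0.255
   30 permit any
   exit
; "out" filters routed traffic leaving the switch on that VLAN.
; Applying the mirrored list on both pairs blocks both directions.
vlan 1 ip access-group "NO_V3_V4" out
vlan 2 ip access-group "NO_V3_V4" out
vlan 3 ip access-group "NO_V1_V2" out
vlan 4 ip access-group "NO_V1_V2" out
; Confirm the connected routes and the ACL assignment.
show ip route
show access-list vlan 2
```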