HPE Community
Switches, Hubs, and Modems
1752519 Members
5129 Online
108788 Solutions
New Discussion

Re: 2910 ip routing

 
xpa
Occasional Advisor

‎12-10-2011 07:36 AM

‎12-10-2011 07:36 AM

2910 ip routing

When i enable ip routing on a 2910al switch every vlans comunicate each others, as a stupid hub.

 

The first versions of this switch allow to define by ip rip the vlans we want to communicate to, instead of full vlan open ports.

 

Anyway i suppose when you forbid a port on vlan port assigment it could not reach these vlan. But it does.

 

So why creating vlans, if then become full opened when we give it an ip address?

 

What is the way to deny some vlans to others, and leave others accessible?

 

Thanks in advance

 

pedro

 

 

 

0 Kudos
1 REPLY 1
showneek
Respected Contributor

‎12-12-2011 08:12 AM

‎12-12-2011 08:12 AM

Re: 2910 ip routing

Hi,

 

if you enable ip routing feature on the switch it automatically provides routing to the networks in its routing table. So if you create some VLANs, give them the IP address, these VLANs are as local networks and are presented in routing table so switch will provide routing between them.

 

If you want to limit traffic between VLANs you have to create access control lists (ACLs) on routing device. ACL allows to setup the rules and to filter the specific traffic on the switch. But I'm afraid and think that 2910 has only port based ACLs and that is not ideal to filter traffic between VLAN interfaces as routed ACLs in other models of switches.

 

And why create VLANs? It is not only to isolate traffic for security reasons. By creating VLANs you divide the network to smaller L2 domains, reduce broadcast domains, etc.

 

Regards,

Jan

 

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.