08-08-2008 10:58 AM
Acl - Use port or vlan?
I have an HP ProCurve 5400 and I need to use special ACLs for 3 PC groups.
The PCs are in the SAME SUBNET and I must have:
PC GROUP A: Allow speaking with PC GROUP B
PC GROUP B: Allow speaking with PC GROUP C
PC GROUP A: Block speaking with PC GROUP C
Can I make 3 VLANs and use static routing or special ACLs? Is it possible with SAME SUBNETS?
How can I do it?
Is there any other solution?
Sorry for my English and thanks in advance
Angelo
08-08-2008 11:10 AM
Re: Acl - Use port or vlan?
***Can I make 3 VLANs and use static routing or special ACLs? Is it possible with SAME SUBNETS?
No Angelo, you don't create three VLANs in the same subnet, it's impossible.
There are two ways to run this operation:
Way 1 - statically assign each group's PC IP addresses and attach an ACL on the switch port (static); very bad.
Way 2 - my advice: you can use IDM. On IDM you can create user-based access lists; no need to look at the port, no need for static IPs, no need for VLANs. Very successful.
cenk
08-08-2008 11:12 AM
Re: Acl - Use port or vlan?
In that case, attach the user group ACL on the VLAN interface.
cenk
08-08-2008 11:28 AM
Re: Acl - Use port or vlan?
I have one VoIP server (GROUP A); this server uses a PRI over Ethernet box (GROUP B) and a lot of VoIP telephones (GROUP C).
A sees B&C, B sees A, C sees A
I must optimize the traffic between A and B. Unfortunately I can't attach a new NIC on the server (and dedicate a VLAN for those IPs).
There are no users and I can't utilize VLAN-tagged packets (the PRI box is "stupid").
08-08-2008 11:32 AM
Re: Acl - Use port or vlan?
The server's IP is static, the PRI box is static, only the telephones' IPs are not static. But I wish to do something like:
IP xxx.xxx.xxx.1 (PRI box) accepts only from xxx.xxx.xxx.200 and xxx.xxx.xxx.201 (VoIP servers)
and
IP xxx.xxx.xxx.1 sends only to xxx.xxx.xxx.200 and xxx.xxx.xxx.201
I must say that the box can only speak and only accept packets from/to the server. I don't want the PRI box to receive other network packets like broadcast..
08-08-2008 11:50 AM
Re: Acl - Use port or vlan?
So B does not see C, and all the other groups connect to each other.
Is this true?
Therefore you can create three VLANs
and you can run routing between the VLANs,
for example
group A vlan 10 172.16.10.1/24
group B vlan 20 172.16.20.1/24
group C vlan 30 172.16.30.1/24
and enable IP routing on the switch.
Now the VLANs connect to each other (with routing).
You can create an ACL and assign it to VLAN B and VLAN C.
cenk
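The three-VLAN plan and ACL placement suggested in the reply above, modelled as an added example that is not part of the original posts: it evaluates first-match ACLs on the VLAN B and VLAN C interfaces and shows that traffic inside one VLAN is switched and never reaches a routed ACL. The ACL rules and host addresses are assumptions constructed for illustration.

```python
import ipaddress

# Addressing plan from the reply above.
VLANS = {
    "A": ipaddress.ip_network("172.16.10.0/24"),  # VoIP servers
    "B": ipaddress.ip_network("172.16.20.0/24"),  # PRI box
    "C": ipaddress.ip_network("172.16.30.0/24"),  # phones
}

# Hypothetical inbound ACLs on the VLAN B and VLAN C interfaces:
# (action, source network, destination network), first match wins.
ACLS = {
    "B": [("permit", VLANS["B"], VLANS["A"])],
    "C": [("permit", VLANS["C"], VLANS["A"])],
}

def vlan_of(addr):
    """Return the VLAN name whose subnet contains addr."""
    for name, net in VLANS.items():
        if addr in net:
            return name
    raise ValueError(f"{addr} is outside the modelled plan")

def verdict(src, dst):
    """Return 'switched', 'permit' or 'deny' for a packet from src to dst."""
    s_ip, d_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s_vlan, d_vlan = vlan_of(s_ip), vlan_of(d_ip)
    if s_vlan == d_vlan:
        # Same VLAN: forwarded at layer 2, the routed ACL is never consulted.
        return "switched"
    for action, src_net, dst_net in ACLS.get(s_vlan, []):
        if s_ip in src_net and d_ip in dst_net:
            return action
    # An applied ACL ends in an implicit deny; a VLAN without one routes freely.
    return "deny" if s_vlan in ACLS else "permit"

def matrix():
    """Verdict for every ordered pair of groups, using constructed sample hosts."""
    hosts = {"A": "172.16.10.200", "B": "172.16.20.1", "C": "172.16.30.50"}
    return {(s, d): verdict(hosts[s], hosts[d])
            for s in hosts for d in hosts if s != d}

if __name__ == "__main__":
    for pair, result in matrix().items():
        print(pair, result)
```
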
08-08-2008 12:00 PM
Re: Acl - Use port or vlan?
A source-port filter is a very easy way to separate switch ports, for example:
coresw2(config)# filter source-port A1 drop A10-A20
Interface A1 doesn't connect to interfaces A10-A20 but connects to all other interfaces.
Very easy.
cenk
08-08-2008 12:02 PM
Re: Acl - Use port or vlan?
My problem is that the VoIP servers, the phones and the PRI box are in the same network.
Is it possible if I put the PRI box in another network?
Server and phones in vlan 100, PRI box in vlan 200.
All server IPs in vlan 100 can see vlan 200 and vice versa
08-08-2008 12:05 PM
Re: Acl - Use port or vlan?
Can I say:
Port A1 connects to ports A2 and A3 and receives only from A2 and A3?
Ports A2 and A3 can see all other ports
08-08-2008 12:11 PM
Re: Acl - Use port or vlan?
You can use the ip routing command on the switch to run routing between VLANs,
for example
vlan 10 ip address 172.16.10.1/24
vlan 10 member pc
ip address 172.16.10.10/24
dg:172.16.10.1
vlan 20 ip address 172.16.20.1/24
vlan 20 member pc
ip address 172.16.20.10/24
dg:172.16.20.1
You can run a ping test between the PCs and you will see the ping is OK.
VLANs separate only at L2. If you want to connect PCs in different VLANs, enable IP routing on the switch and assign the VLAN interface IP address
as the PC's default gateway address.
cenk