HPE Community
Switches, Hubs, and Modems
1833792 Members
2233 Online
110063 Solutions
New Discussion

Blocking vlan commnicate between vlans but only allow 1 vlan to communicate between all vlans

 
tresla_newbie
Frequent Visitor

‎01-21-2020 07:50 PM

‎01-21-2020 07:50 PM

Blocking vlan commnicate between vlans but only allow 1 vlan to communicate between all vlans

hi ,

i had 5 vlans inside hpe 1950 that allow all vlans communicate between each other.

now, i  need to allow only 1 vlan(which is vlan 103) communicate between all vlans , the rest i need to block.

any guide can i refer to?

here the details

vlan 101
ip address 10.1.101.1 255.255.255.0

vlan 102
ip address 10.1.102.1 255.255.255.0

vlan 103
ip address 10.1.103.1 255.255.255.0

vlan 104
ip address 10.1.104.1 255.255.255.0

vlan 105
ip address 10.1.105.1 255.255.255.0

thanks

0 Kudos
2 REPLIES 2
mmilev
HPE Pro

‎01-30-2020 05:48 AM

‎01-30-2020 05:48 AM

Re: Blocking vlan commnicate between vlans but only allow 1 vlan to communicate between all vlans

Hi,

 

I understand that you want to allow traffic from VLAN 103 to VLAN 103 and the other 4 VLANs and to block anything else.

 

If you have the following simple topology:

Sw1 – 1950 – Sw3

 

# On all devices configure the appropriate VLAN interfaces and permit VLANs on the trunks.

 

# On 1950 define an advanced ACL like below:

# Counting is not mandatory

           

acl advanced 3000

 rule 1 permit ip source 10.1.103.0 0.0.0.255 destination 10.1.103.0 0.0.0.255 counting

 

 rule 2 permit ip source 10.1.101.0 0.0.0.255 destination 10.1.103.0 0.0.0.255 counting

 rule 3 permit ip source 10.1.103.0 0.0.0.255 destination 10.1.101.0 0.0.0.255 counting

 

 rule 4 permit ip source 10.1.102.0 0.0.0.255 destination 10.1.103.0 0.0.0.255 counting

 rule 5 permit ip source 10.1.103.0 0.0.0.255 destination 10.1.102.0 0.0.0.255 counting

 

 rule 6 permit ip source 10.1.104.0 0.0.0.255 destination 10.1.103.0 0.0.0.255 counting

 rule 7 permit ip source 10.1.103.0 0.0.0.255 destination 10.1.104.0 0.0.0.255 counting

 

 rule 8 permit ip source 10.1.105.0 0.0.0.255 destination 10.1.103.0 0.0.0.255 counting

 rule 9 permit ip source 10.1.103.0 0.0.0.255 destination 10.1.105.0 0.0.0.255 counting

 

 rule 100 deny ip counting

 

 

# On 1950 trunk interfaces apply the packet filters:

 

packet-filter 3000 inbound

packet-filter 3000 outbound

 

For 1950 there are some details for ACL (page 60) and there is conf example for ACL-based packet filter (page 119).

https://support.hpe.com/hpesc/public/docDisplay?docId=c04657809

 

I hope this helps.

 

Best regards

I am an HPE Employee

Accept or Kudo


0 Kudos
tresla_newbie
Frequent Visitor

‎02-02-2020 05:32 PM

‎02-02-2020 05:32 PM

Re: Blocking vlan commnicate between vlans but only allow 1 vlan to communicate between all vlans

hi,

thanks for your help, let me try it and give you an update.

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.