HPE Community
Switches, Hubs, and Modems
1752786 Members
5962 Online
108789 Solutions
New Discussion юеВ

Re: Inter-VLAN routing and prohibiting certain VLANs

 
KCollinson
Advisor

тАО04-07-2009 12:44 AM

тАО04-07-2009 12:44 AM

Inter-VLAN routing and prohibiting certain VLANs

Morning All,

What is the prefurred way to stop certain VLANs from communicating with other VLANs once IP routing is enabled.

I have 4 VLANs, one of those VLAN's (Open 2 Public access) should not be able to route to the other 3 VLANs?

Thanks,
Karl.
0 Kudos
11 REPLIES 11
cenk sasmaztin
Honored Contributor

тАО04-07-2009 01:02 AM

тАО04-07-2009 01:02 AM

Re: Inter-VLAN routing and prohibiting certain VLANs

yes it is possible
you can use acl or source port filter

2610,3500,3400,5400 switch able acl config
sperate route trafic between vlan

but all other hp switch unable acl in this case you can use source port filter feature

source port filter feature deny or permit between switch port comminication
cenk

0 Kudos
KCollinson
Advisor

тАО04-07-2009 03:09 AM

тАО04-07-2009 03:09 AM

Re: Inter-VLAN routing and prohibiting certain VLANs

Hi Cenk,

Lets say im using a 2610.

- 4 x VLANS
- Default route forwarding to the WAN router.
- 3 Static routes on router supporting VLAN to WAN traffic

4th static route is not required as router resides on the 4th VLAN

All VLANs require WAN connectivity, but one of the VLANs is NOT to be able to Route to the 3 over VLANs.

What is really the best way to do so?

Thanks.
Karl.
0 Kudos
cenk sasmaztin
Honored Contributor

тАО04-07-2009 11:36 AM

тАО04-07-2009 11:36 AM

Re: Inter-VLAN routing and prohibiting certain VLANs

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1283116

please read

if you want sperate between vlan routing
must be use access control list

2610 switch support acl
cenk

0 Kudos
cenk sasmaztin
Honored Contributor

тАО04-07-2009 11:49 AM

тАО04-07-2009 11:49 AM

Re: Inter-VLAN routing and prohibiting certain VLANs

for example

vlan 1 ip address 192.168.1.1/24
vlan 2 ip address 192.168.2.1/24
vlan 3 ip address 192.168.3.1/24
vlan 4 ip address 192.168.4.1/24

you write default route to internet router on switch
0.0.0.0 0.0.0.0 192.168.1.2(interent router connect vlan 1 and ip address 1.2)

after you can write only one static route on internet router to switch
192.168.0.0 255.255.0.0 192.168.1.1
;)









cenk

0 Kudos
cenk sasmaztin
Honored Contributor

тАО04-07-2009 12:07 PM

тАО04-07-2009 12:07 PM

Re: Inter-VLAN routing and prohibiting certain VLANs

no any way 4th vlan connect to internet

write four static route to switch on internet router or one static route on internet router (including all network subnet)
cenk

0 Kudos
KCollinson
Advisor

тАО04-08-2009 12:41 AM

тАО04-08-2009 12:41 AM

Re: Inter-VLAN routing and prohibiting certain VLANs

Hi Cenk.

I need WAN connectivity for all 4 VLANs.

One of the 4 VLANS is for public WiFi (Hotspot) lets call it VID 4.

VID 4 needs to access the WAN but not be able to speak to End points on VID 1,2,3.

The Router for all the WAN connectivity will reside on VID 4 for DHCP reasons.
----------------

Ive not used ACL's before, if i stop traffic from VID 1-3 to VID 4 and the WAN router is located on VID 4 will i not encounter WAN connectivity problems?
Thanks!!!
Karl.
0 Kudos
cenk sasmaztin
Honored Contributor

тАО04-08-2009 12:56 AM

тАО04-08-2009 12:56 AM

Re: Inter-VLAN routing and prohibiting certain VLANs

hi Karl may be use filter port feature on switch

for example

config)# filter source-port 1 drop 2-10
command with not connection port 1 with 2,3,4,5,6,7,8,9,10

you can isolation vlan 4 member port with other vlan port
cenk

0 Kudos
cenk sasmaztin
Honored Contributor

тАО04-08-2009 01:05 AM

тАО04-08-2009 01:05 AM

Re: Inter-VLAN routing and prohibiting certain VLANs

vlan 4 member ports isolation all other vlan ports only connected with internet router port

in this way isolation vlan 4 traffic all other vlan's
cenk

0 Kudos
KCollinson
Advisor

тАО04-08-2009 01:52 AM

тАО04-08-2009 01:52 AM

Re: Inter-VLAN routing and prohibiting certain VLANs

Morning,

I have enclosed a diagram of what im trying to do.

The only Inter-VLAN routing i want is from VID 3 to VID 2 and all VLANs to have WAN access.


Sorry to be a pain,
Thanks and best regards,
Karl.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.