HPE GreenLake Administration
- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: Problems with ACLs.
Switches, Hubs, and Modems
1825748
Members
2499
Online
109687
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2010 08:56 AM
12-02-2010 08:56 AM
Any help would be most appreciated. I have a 5406zl and 2600 switch configured with multiple VLANs. We have a perimeter firewall on the default vlan (id:1) and have recently introduced a Wireless/Guest VLAN (id:30).
What I would like to do, is to restrict all access from the Wireless/Guest VLAN to only the perimeter firewall and beyond.
So effectively, if the firewall is on 192.168.1.1 and the Guest VLAN is 192.168.10.0 I want all traffic coming from the 192.168.10.0 network to be restricted to the firewall on 192.168.1.1 and not be able to access anything else on the default vlan.
Any help would be most appreciated.
Thanks for looking.
What I would like to do, is to restrict all access from the Wireless/Guest VLAN to only the perimeter firewall and beyond.
So effectively, if the firewall is on 192.168.1.1 and the Guest VLAN is 192.168.10.0 I want all traffic coming from the 192.168.10.0 network to be restricted to the firewall on 192.168.1.1 and not be able to access anything else on the default vlan.
Any help would be most appreciated.
Thanks for looking.
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2010 12:17 AM
12-03-2010 12:17 AM
Solution
Simpelest way is NOT to configure routing between the gest VLAN and the default vlan.
Then you don't need to fiddle with ACL's.
- Only the firewall needs an ip-adress in this vlan.
- If the switch is configured for routing, don't give it an ip-adress in this guest vlan.
- Don't give any other switch an ip-adress in this guest vlan.
The switches will forward packets on layer-2 to other ports in the same vlan as if it was a physical separate network.
NB! you may want to add another vlan to make your access-point reachable for management.
Offcourse your AP's must support this.
Then you don't need to fiddle with ACL's.
- Only the firewall needs an ip-adress in this vlan.
- If the switch is configured for routing, don't give it an ip-adress in this guest vlan.
- Don't give any other switch an ip-adress in this guest vlan.
The switches will forward packets on layer-2 to other ports in the same vlan as if it was a physical separate network.
NB! you may want to add another vlan to make your access-point reachable for management.
Offcourse your AP's must support this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2010 01:57 PM
12-06-2010 01:57 PM
Re: Problems with ACLs.
I like your bit of lateral thinking... however, though I don't doubt that your method doesn't work, I managed to implement the appropriate ACLs, but thanks for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2010 11:32 PM
12-06-2010 11:32 PM
Re: Problems with ACLs.
As it was not the solution to your question, 10 points is a bit high.
But thanks very much, you flipped me over the 2500 points and changed my hat from wizzard to royalty.
But thanks very much, you flipped me over the 2500 points and changed my hat from wizzard to royalty.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP