Switches, Hubs, and Modems
1748216 Members
3536 Online
108759 Solutions
New Discussion юеВ

Re: VLAN routing help - 5406zl

 
Brian Bickers
Occasional Contributor

VLAN routing help - 5406zl

We are implementing a proxy server/web filter for our users. To avoid pumping all of my traffic through this box, I would like some VLANs to go through the web filtering server while allowing others to bypass it completely.

Network config is as follows:
-> Procurve 5406zl switch with 2 blades
-> All user VLANs are connected to PWR-2650s uplinked to the 5406zl via fiber (ports A21-24 and B21-24)
-> All servers are connected to Procurve 2400s which are then direct connected to the 5406zl on a RJ-45 port (A1-A20 and B1-B20)
-> Firewall/internet is connected to port A1

What I would like to accomplish is to route all outbound user traffic (ports A21-24 or B21-24) to go one way (through the web filter) then to the firewall while all other traffic (servers, etc connected to A1-20 or B1-20) to go straight to the firewall.

Will the 5406zl support multiple routing destinations based on source IP or VLAN? Can I route VLAN-5 through one port while routing the DEFAULT-VLAN through another? If so, how can I configure this?

Thanks in advance for everyone's help and advice!
2 REPLIES 2
Olaf Borowski
Respected Contributor

Re: VLAN routing help - 5406zl

Sorry Brian, that is "policy based routing" and is currently not supported on this box.
Pieter 't Hart
Honored Contributor

Re: VLAN routing help - 5406zl

If we're talking browser settings, then on the workstations you configure a domain-policy to use the web-filter as proxy-server.
For the servers you create a policy NOT to use a proxy server but go directly to the firewall.

In the firewall you configure only servers (and the webfilter) can connect to the internet, and block direct connections from clients (eg. based on range of ip-adresses).

on the procurves no configuration is needed.