prevent inter-vlan routing hp 1920
10-05-2015 02:29 PM
Hi All,
I have created two networks and want to isolate them - however it is routing between networks.
Any advice?
Michael
version 5.20.99, Release 1108
sysname lon-sw-01
dhcp relay server-group 1 ip 172.30.70.1
dhcp relay server-group 2 ip 192.168.0.1
domain default enable system
ipv6
telnet server enable
password-recovery enable
vlan 1
 description default
vlan 10
 description guest wifi
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
traffic classifier class1 operator and
user-group system
 group-attribute allow-guest
local-user admin
 authorization-attribute level 3
 service-type lan-access
 service-type ssh telnet terminal
 service-type web
stp mode rstp
stp enable
interface NULL0
interface Vlan-interface1
 ip address 172.31.70.2 255.255.255.0
 dhcp select relay
 dhcp relay server-select 1
interface Vlan-interface10
 ipv6 address auto link-local
 ip address 192.168.0.2 255.255.255.0
 dhcp select relay
 dhcp relay server-select 2
interface GigabitEthernet1/0/1
 port auto-power-down
 poe enable
 stp edged-port enable
interface GigabitEthernet1/0/2
 port auto-power-down
 poe enable
 stp edged-port enable
interface GigabitEthernet1/0/3
 port auto-power-down
 poe enable
 stp edged-port enable
interface GigabitEthernet1/0/4
interface GigabitEthernet1/0/5
 port link-type hybrid
 port hybrid vlan 10 tagged
 port hybrid vlan 1 untagged
 port auto-power-down
 poe enable
 stp edged-port enable
interface GigabitEthernet1/0/6
 port access vlan 10
 port auto-power-down
 poe enable
 stp edged-port enable
interface GigabitEthernet1/0/7
 port link-type hybrid
 port hybrid vlan 10 tagged
 port hybrid vlan 1 untagged
 port auto-power-down
 poe enable
 stp edged-port enable
interface GigabitEthernet1/0/8
 port auto-power-down
 poe enable
 stp edged-port enable
interface GigabitEthernet1/0/9
 stp edged-port enable
interface GigabitEthernet1/0/10
 stp edged-port enable
ip route-static 0.0.0.0 0.0.0.0 Vlan-interface1 172.31.70.1
dhcp enable
load xml-configuration
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 15
 authentication-mode scheme
return
10-07-2015 03:22 AM
Re: prevent inter-vlan routing hp 1920
Michael,
As you are not using a VRF capable switch, you cannot actually stop traffic from routing between these VLANs. What you can do however, is write an ACL to drop traffic that would otherwise be routed in this way.
Out of interest - do guests in VLAN 10 route via VLAN 1 for their Internet access?
Regards,
Peter
10-09-2015 07:34 AM
Hi Pete,
Yes, ACL below does the job. Guest network goes out via port 6 - untagged to vlan 10 and into different FW i/f.
Received some help from HP Support and got it working.
Vlan1: 172.31.70.0/24
Vlan10: 192.168.10.0/24
Created a vlan interface:
interface Vlan-interface10
 ip address 192.168.10.1 255.255.255.0
interface Vlan-interface1
 ip address 172.31.70.1 255.255.255.0
acl:
acl number 3001 name ASH3
 rule 0 deny ip source 192.168.10.0 0.0.0.255 destination 172.31.70.0 0.0.0.255
 rule 5 permit ip source any destination any
Map the acl in the interface where the AP is connected to as inbound.
interface GigabitEthernet1/0/2
 port auto-power-down
 poe enable
 packet-filter 3001 inbound
 stp edged-port enable
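
Added example, not part of any post in this thread and not HP code: a Python model of how ACL 3001 above is evaluated, with first match in ascending rule-ID order and wildcard masks whose 1-bits mean "don't care". The sample flows and host addresses are constructed for illustration; the fourth uses the 192.168.0.0/24 guest addressing from the first post's configuration to show that rule 0 only catches the subnet it names.

```python
import ipaddress
import re

# ACL 3001 rules exactly as posted in the thread.
ACL_3001 = """\
rule 0 deny ip source 192.168.10.0 0.0.0.255 destination 172.31.70.0 0.0.0.255
rule 5 permit ip source any destination any
"""
RULE_RE = re.compile(r"rule (\d+) (permit|deny) ip "
                     r"source (any|\S+ \S+) destination (any|\S+ \S+)$")

def _matcher(spec):
    """Turn 'any' or '<addr> <wildcard>' into (addr, care_mask) integers."""
    if spec == "any":
        return 0, 0  # no bits are compared, so every address matches
    addr, wildcard = (int(ipaddress.IPv4Address(p)) for p in spec.split())
    care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits mean "don't care"
    return addr & care, care

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((int(m[1]), m[2], _matcher(m[3]), _matcher(m[4])))
    return sorted(rules, key=lambda r: r[0])  # ascending rule ID

def evaluate(rules, src, dst):
    """Return (action, rule_id) of the first matching rule."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for rule_id, action, (sa, sm), (da, dm) in rules:
        if (s & sm) == sa and (d & dm) == da:
            return action, rule_id
    return "no-match", None  # cannot happen here: rule 5 matches everything

# Constructed sample flows (host addresses chosen for illustration only).
FLOWS = [
    ("192.168.10.50", "172.31.70.10"),  # guest -> internal VLAN 1
    ("192.168.10.50", "203.0.113.5"),   # guest -> outside address
    ("172.31.70.10", "192.168.10.50"),  # internal -> guest
    ("192.168.0.50", "172.31.70.10"),   # guest subnet from the first post
]

if __name__ == "__main__":
    rules = parse_acl(ACL_3001)
    for src, dst in FLOWS:
        print(f"{src:>15} -> {dst:<15} {evaluate(rules, src, dst)}")
```

Only the first flow hits the deny rule. Because `packet-filter 3001 inbound` is bound to a single interface, these verdicts apply only to traffic entering that port.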