?
Solved

HP3800 Switch VLAN Segregation with ACLs

Posted on 2013-01-11
5
Medium Priority
?
547 Views
Last Modified: 2013-01-31
Have 5 vlans on a HP3800 switch and I only need 3 of them talking to each other and the other 2 segregated but able to talk to next hop router. I'm also curious to find out if I can specify the kind of dialogue that happen between the vlans, ie restrict the dialogue to certain ports and protocols...
0
Comment
Question by:Chrismal01
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:Leeeee
ID: 38767654
You will want to look at Access-Lists which you will place on the VLAN gateways which is normally a router or if the HP3800 is layer 3, placed on VLAN interfaces on that switch.

Access-lists allow you to restrict communication to a specific source/destination IP address as well as allow more granular control, such as allowing communication between one vlan to another vlan only over port 80 etc etc.
0
 

Author Comment

by:Chrismal01
ID: 38767724
For more details, ip routing is enabled and the default gateway for all vlans is set to next hop router which (comes up automatically in the gui for some reason when adding a new vlan).
0
 
LVL 5

Expert Comment

by:Leeeee
ID: 38768158
Access lists will be the most effective for your needs. It would make sense to place them on the upstream router vlan interfaces which serve as the gateway for your VLANs.

Digging in to the HP3800 more, the switch itself has a robust list of features including Identity-driven ACL's.
0
 

Author Comment

by:Chrismal01
ID: 38768658
The commands for those ACLs are exactly what I'm trying to figure out... Something like the following but in proper switch language:

acl permit src-vlan dest-vlan service (ftp,icmp,...)
acl deny src-vlan dest-vlan any
...
0
 
LVL 5

Accepted Solution

by:
Leeeee earned 1500 total points
ID: 38768719
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question