Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

HP3800 Switch VLAN Segregation with ACLs

Posted on 2013-01-11
5
Medium Priority
?
544 Views
Last Modified: 2013-01-31
Have 5 vlans on a HP3800 switch and I only need 3 of them talking to each other and the other 2 segregated but able to talk to next hop router. I'm also curious to find out if I can specify the kind of dialogue that happen between the vlans, ie restrict the dialogue to certain ports and protocols...
0
Comment
Question by:Chrismal01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:Leeeee
ID: 38767654
You will want to look at Access-Lists which you will place on the VLAN gateways which is normally a router or if the HP3800 is layer 3, placed on VLAN interfaces on that switch.

Access-lists allow you to restrict communication to a specific source/destination IP address as well as allow more granular control, such as allowing communication between one vlan to another vlan only over port 80 etc etc.
0
 

Author Comment

by:Chrismal01
ID: 38767724
For more details, ip routing is enabled and the default gateway for all vlans is set to next hop router which (comes up automatically in the gui for some reason when adding a new vlan).
0
 
LVL 5

Expert Comment

by:Leeeee
ID: 38768158
Access lists will be the most effective for your needs. It would make sense to place them on the upstream router vlan interfaces which serve as the gateway for your VLANs.

Digging in to the HP3800 more, the switch itself has a robust list of features including Identity-driven ACL's.
0
 

Author Comment

by:Chrismal01
ID: 38768658
The commands for those ACLs are exactly what I'm trying to figure out... Something like the following but in proper switch language:

acl permit src-vlan dest-vlan service (ftp,icmp,...)
acl deny src-vlan dest-vlan any
...
0
 
LVL 5

Accepted Solution

by:
Leeeee earned 1500 total points
ID: 38768719
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question