Solved

HP3800 Switch VLAN Segregation with ACLs

Posted on 2013-01-11
5
537 Views
Last Modified: 2013-01-31
Have 5 vlans on a HP3800 switch and I only need 3 of them talking to each other and the other 2 segregated but able to talk to next hop router. I'm also curious to find out if I can specify the kind of dialogue that happen between the vlans, ie restrict the dialogue to certain ports and protocols...
0
Comment
Question by:Chrismal01
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:Leeeee
ID: 38767654
You will want to look at Access-Lists which you will place on the VLAN gateways which is normally a router or if the HP3800 is layer 3, placed on VLAN interfaces on that switch.

Access-lists allow you to restrict communication to a specific source/destination IP address as well as allow more granular control, such as allowing communication between one vlan to another vlan only over port 80 etc etc.
0
 

Author Comment

by:Chrismal01
ID: 38767724
For more details, ip routing is enabled and the default gateway for all vlans is set to next hop router which (comes up automatically in the gui for some reason when adding a new vlan).
0
 
LVL 5

Expert Comment

by:Leeeee
ID: 38768158
Access lists will be the most effective for your needs. It would make sense to place them on the upstream router vlan interfaces which serve as the gateway for your VLANs.

Digging in to the HP3800 more, the switch itself has a robust list of features including Identity-driven ACL's.
0
 

Author Comment

by:Chrismal01
ID: 38768658
The commands for those ACLs are exactly what I'm trying to figure out... Something like the following but in proper switch language:

acl permit src-vlan dest-vlan service (ftp,icmp,...)
acl deny src-vlan dest-vlan any
...
0
 
LVL 5

Accepted Solution

by:
Leeeee earned 500 total points
ID: 38768719
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Policy based routing 2 49
Non-jumbo host to jumbo enabled switch: Will it work? 3 29
adjusting startup config 6 26
IP range 6 33
AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question