Improve company productivity with a Business Account.Sign Up

x
?
Solved

HP3800 Switch VLAN Segregation with ACLs

Posted on 2013-01-11
5
Medium Priority
?
550 Views
Last Modified: 2013-01-31
Have 5 vlans on a HP3800 switch and I only need 3 of them talking to each other and the other 2 segregated but able to talk to next hop router. I'm also curious to find out if I can specify the kind of dialogue that happen between the vlans, ie restrict the dialogue to certain ports and protocols...
0
Comment
Question by:Chrismal01
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:Leeeee
ID: 38767654
You will want to look at Access-Lists which you will place on the VLAN gateways which is normally a router or if the HP3800 is layer 3, placed on VLAN interfaces on that switch.

Access-lists allow you to restrict communication to a specific source/destination IP address as well as allow more granular control, such as allowing communication between one vlan to another vlan only over port 80 etc etc.
0
 

Author Comment

by:Chrismal01
ID: 38767724
For more details, ip routing is enabled and the default gateway for all vlans is set to next hop router which (comes up automatically in the gui for some reason when adding a new vlan).
0
 
LVL 5

Expert Comment

by:Leeeee
ID: 38768158
Access lists will be the most effective for your needs. It would make sense to place them on the upstream router vlan interfaces which serve as the gateway for your VLANs.

Digging in to the HP3800 more, the switch itself has a robust list of features including Identity-driven ACL's.
0
 

Author Comment

by:Chrismal01
ID: 38768658
The commands for those ACLs are exactly what I'm trying to figure out... Something like the following but in proper switch language:

acl permit src-vlan dest-vlan service (ftp,icmp,...)
acl deny src-vlan dest-vlan any
...
0
 
LVL 5

Accepted Solution

by:
Leeeee earned 1500 total points
ID: 38768719
0

Featured Post

Become a Leader in Data Analytics

Gain the power to turn raw data into better business decisions and outcomes in your industry. Transform your career future by earning your MS in Data Analytics. WGU’s MSDA program curriculum features IT certifications from Oracle and SAS.  

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question