HP3800 Switch VLAN Segregation with ACLs

I have 5 VLANs on an HP3800 switch and I only need 3 of them talking to each other and the other 2 segregated but able to talk to the next hop router. I'm also curious to find out if I can specify the kind of dialogue that happens between the VLANs, i.e. restrict the dialogue to certain ports and protocols...

Asked by Chrismal01
1 Solution
 
Leeeee commented:
You will want to look at Access-Lists, which you will place on the VLAN gateways. That is normally a router or, if the HP3800 is layer 3, the VLAN interfaces on that switch.

Access-lists allow you to restrict communication to a specific source/destination IP address as well as allow more granular control, such as allowing communication from one VLAN to another VLAN only over port 80, etc.
 
Chrismal01 (author) commented:
For more details, ip routing is enabled and the default gateway for all VLANs is set to the next hop router (which comes up automatically in the GUI for some reason when adding a new VLAN).
 
Leeeee commented:
Access lists will be the most effective for your needs. It would make sense to place them on the upstream router VLAN interfaces which serve as the gateway for your VLANs.

Digging into the HP3800 more, the switch itself has a robust list of features including identity-driven ACLs.
 
Chrismal01 (author) commented:
The commands for those ACLs are exactly what I'm trying to figure out... Something like the following but in proper switch language:

acl permit src-vlan dest-vlan service (ftp,icmp,...)
acl deny src-vlan dest-vlan any
...
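As an added example (not posted by anyone in this thread, and not taken from HP documentation), here is what the pseudo-ACL above looks like in ProVision-style extended ACL syntax, the CLI family the HP 3800 runs. It covers both of the needs discussed: Leeeee's point about placing ACLs on the switch's VLAN interfaces when ip routing is enabled, and the author's request for concrete commands. All addresses and VLAN IDs are assumptions: VLANs 10, 20 and 30 (10.0.10.0/24, 10.0.20.0/24, 10.0.30.0/24) may talk freely, VLANs 40 and 50 (10.0.40.0/24, 10.0.50.0/24) are isolated but may still reach the next-hop router. Lines starting with `;` are annotation, as in a saved ProVision configuration. Verify the exact syntax against the ACL chapter of your switch's software manual before applying it.

```text
; Added example (not from the thread). Assumes HP 3800 with ip routing enabled,
; subnets 10.0.10.0/24 .. 10.0.50.0/24 on VLANs 10 .. 50 (constructed values).

; Isolated VLAN 40: drop traffic bound for the other local VLANs, allow the
; rest (which is what gets routed on to the next-hop router). The explicit
; "permit ip any any" matters: every ACL ends in an implicit deny.
ip access-list extended "vlan40-isolate"
   remark "Drop traffic to the other local VLANs"
   deny ip 10.0.40.0 0.0.0.255 10.0.10.0 0.0.0.255
   deny ip 10.0.40.0 0.0.0.255 10.0.20.0 0.0.0.255
   deny ip 10.0.40.0 0.0.0.255 10.0.30.0 0.0.0.255
   deny ip 10.0.40.0 0.0.0.255 10.0.50.0 0.0.0.255
   remark "Everything else, including the upstream router, is allowed"
   permit ip any any
   exit
vlan 40 ip access-group "vlan40-isolate" in

; Same pattern for isolated VLAN 50.
ip access-list extended "vlan50-isolate"
   deny ip 10.0.50.0 0.0.0.255 10.0.10.0 0.0.0.255
   deny ip 10.0.50.0 0.0.0.255 10.0.20.0 0.0.0.255
   deny ip 10.0.50.0 0.0.0.255 10.0.30.0 0.0.0.255
   deny ip 10.0.50.0 0.0.0.255 10.0.40.0 0.0.0.255
   permit ip any any
   exit
vlan 50 ip access-group "vlan50-isolate" in

; Restricting the "dialogue" between two of the open VLANs: hosts on VLAN 20
; may reach VLAN 30 only over HTTP (TCP 80) and ICMP echo request (type 8);
; everything else from 20 to 30 is dropped, all other destinations pass.
ip access-list extended "vlan20-to-30"
   remark "Allowed services from VLAN 20 towards VLAN 30"
   permit tcp 10.0.20.0 0.0.0.255 10.0.30.0 0.0.0.255 eq 80
   permit icmp 10.0.20.0 0.0.0.255 10.0.30.0 0.0.0.255 8
   remark "Any other traffic from 20 to 30 is dropped"
   deny ip 10.0.20.0 0.0.0.255 10.0.30.0 0.0.0.255
   permit ip any any
   exit
vlan 20 ip access-group "vlan20-to-30" in
```

Two things to check once this is in place. First, these are routed ACLs applied "in" on the VLAN interface, so they only see traffic that leaves the VLAN through the switch's routing; two hosts on the same VLAN are bridged and are not filtered by them. Second, the entries are stateless: the HTTP replies from VLAN 30 back to VLAN 20 pass here only because VLAN 30 carries no inbound ACL of its own. If you later add one, it must permit TCP from 10.0.30.0/24 source port 80 back to 10.0.20.0/24, otherwise the connection will set up and then stall.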