davemcclintock123
asked on
Stop Inter-VLAN Routing to only one subnet (DMZ)
Hi,
I have an HP E5406zl Core switch that I'd like to stop one VLAN, my DMZ, from being able to route to the other VLANs. I'll be untagging 2 ports on the switch, one will connect to my VM host for the servers in my DMZ, and the other will uplink to the DMZ Port on my Firewall. I did a "no ip route 192.168.10.0/24 VLAN 100", which is my DMZ, but when I do a "show IP route", it still shows the DMZ, because it's connected. And I'm still able to ping 192.168.10.1 from the other VLANs. I realize I may need to create an ACL for this, but I've never done one before, just in Cisco Class a long time ago... Here's some of the info from the switch and Firewall:
Firewall DMZ IP 192.168.10.2
Core Switch DMZ IP 192.168.10.1 VLAN 100
Other Subnet IPs/VLANs
192.168.1.1 VLAN 10
192.168.3.1 VLAN 30
10.91.86.8 VLAN 160 (Phones)
192.168.40.10 VLAN 400
192.168.50.10 VLAN 500
192.168.60.10 VLAN 600
10.0.0.10 VLAN 700
10.0.1.10 VLAN 800
192.168.254.10 VLAN 1 (Management VLAN)
I've also attached the Running Config for the Core Switch (E5406zl), with a show IP and show IP route at the end of it. I'd appreciate any help I can get with this.
Thanks
Chuck
Core-Switch-Running-config-042715.TXT
ASKER CERTIFIED SOLUTION
ASKER
Great quick response
glad it worked :)
ASKER
I configured the ACL today, and it looks like it worked
Thanks
Chuck
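A routed ACL of the kind the question asks about, as an added example. It is not the accepted solution (which is not shown on this page) and is not taken from the attached running config. The ACL name DMZ-IN is hypothetical, and because the page gives no subnet masks for the other VLANs, the deny entries use the private aggregates 192.168.0.0/16 and 10.0.0.0/8, which cover every address listed in the question.

```text
; Added example for an HP ProCurve 5400zl (not the thread's accepted answer).
; "DMZ-IN" is a hypothetical name. Entries are matched top-down, first match
; wins, and an implicit "deny ip any any" follows the last entry.

ip access-list extended "DMZ-IN"
   ; DMZ hosts may still reach the DMZ subnet itself, including the
   ; switch address 192.168.10.1 and the firewall at 192.168.10.2.
   10 permit ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255
   ; Block routing from the DMZ to the 192.168.x.x VLANs
   ; (10, 30, 400, 500, 600 and management VLAN 1 in the question).
   20 deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255 log
   ; Block routing from the DMZ to the 10.x.x.x VLANs (160, 700, 800).
   30 deny ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255 log
   ; Anything else from the DMZ (for example Internet-bound traffic) is
   ; allowed. Remove this entry if the firewall is the DMZ's only gateway.
   40 permit ip any any
   exit

; Apply as a routed ACL to traffic entering the switch on the DMZ VLAN.
vlan 100
   ip access-group "DMZ-IN" in
   exit
```

The ACL is stateless: replies from DMZ servers to sessions opened from the internal VLANs are dropped as well when that traffic is routed by the switch rather than by the firewall.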