Limiting a single VLAN for external access only using ACL HP Procurve
Hello Experts
I am trying to configure a switch to provide multiple VLANs for users, as well as a private VLAN for guest Wi-Fi. VLAN 15 has the DHCP server.
VLAN 1 – Not used
VLAN A – IP set, used for clients in building A. IP helper address set
VLAN B – IP set, used for clients in building B. IP helper address set
VLAN C – IP set, used for guest Wi-Fi. IP helper address set
Currently all VLANs can talk to each other, our data center, our main office, and the internet.
I would like to limit traffic on VLAN C to only be able to go out to the internet but not reach any of our internal network. Since IP routing is enabled on the switch it is letting all traffic pass. I know I will have to use an ACL to limit this but I don’t quite understand ACLs.
Ideally I would like to use the DHCP server on VLAN A but if that will not work I can set up another DHCP server on VLAN C. I am using a Ruckus Zone Director and access points for the Wi-Fi. This device can understand VLAN tags so in Building A the access points will be tagged with VLAN A and C, building B will be tagged with B and C.
I am using HP Procurve 2920 Layer 3 switch in both buildings A and B. The buildings are connected with a wireless bridge.
Example: deny ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
Before that, you could use a permit to allow DHCP.
The Ruckus controller should be able to do this well, I believe, as it serves as the traffic cop for the Wi-Fi network. But it has been a while since I used the controller. Ruckus is awesome.
laurenofis
ASKER
Can I apply that to just VLAN C? Would I also have to put a rule to limit the other 30 VLANs on the network (other locations, data center, etc.)?
Bryant Schaper
Yes, the deny statement is based on source and then destination. You can probably summarize the other side as a deny as well instead of 30 additional statements.
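The rule order discussed in this thread (permit DHCP first, then one summarized deny, then permit the rest) can be checked with a small model of first-match ACL evaluation using wildcard masks. This is an added example, not part of the original posts and not switch configuration. The 10.0.3.0/24 guest subnet, the 10.0.0.0/8 internal summary, the DHCP server address and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

def matches(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(base)) & care)

ANY = ("0.0.0.0", "255.255.255.255")
GUEST = ("10.0.3.0", "0.0.0.255")          # assumed VLAN C subnet
INTERNAL = ("10.0.0.0", "0.255.255.255")   # assumed summary covering every internal VLAN

# (action, protocol, source, destination, destination port or None)
GUEST_ACL = [
    ("permit", "udp", ANY, ANY, 67),        # DHCP requests, placed before the deny
    ("deny", "ip", GUEST, INTERNAL, None),  # one summarized deny instead of 30 entries
    ("permit", "ip", GUEST, ANY, None),     # everything else, i.e. the internet
]
# Same entries with the deny first, to show why order matters.
MISORDERED = [GUEST_ACL[1], GUEST_ACL[0], GUEST_ACL[2]]

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto != "ip" and a_proto != proto:
            continue
        if a_port is not None and a_port != dport:
            continue
        if matches(src, *a_src) and matches(dst, *a_dst):
            return action
    return "deny"

# Constructed sample packets as seen inbound on the guest VLAN.
SAMPLES = [
    ("DHCP discover (broadcast)", "udp", "0.0.0.0", "255.255.255.255", 67),
    ("DHCP renewal (unicast)", "udp", "10.0.3.25", "10.0.15.10", 67),
    ("guest to building A", "tcp", "10.0.3.25", "10.0.1.10", 445),
    ("guest to data center", "tcp", "10.0.3.25", "10.20.0.5", 443),
    ("guest to internet", "tcp", "10.0.3.25", "203.0.113.10", 443),
]

if __name__ == "__main__":
    for label, proto, src, dst, dport in SAMPLES:
        print(f"{label:28} correct={evaluate(GUEST_ACL, proto, src, dst, dport):6} "
              f"misordered={evaluate(MISORDERED, proto, src, dst, dport)}")
```

With the deny placed first, the unicast DHCP renewal to the internal server is dropped while the broadcast discover still passes, so guests would obtain a lease and then fail to renew it.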