
Limiting a single VLAN for external access only using ACL HP Procurve

Last Modified: 2015-11-03
Hello Experts

I am trying to configure a switch to provide multiple VLANs for users, as well as a private VLAN for guest Wi-Fi. VLAN 15 has the DHCP server.

VLAN 1 – Not used
VLAN A – IP set, used for clients in building A. IP helper address set
VLAN B – IP set, used for clients in building B. IP helper address set
VLAN C – IP set, used for guest Wi-Fi. IP helper address set

Currently all VLANs can talk to each other, our data center, our main office, and the internet.

I would like to limit traffic on VLAN C to only be able to go out to the internet but not reach any of our internal network. Since IP routing is enabled on the switch, it is letting all traffic pass. I know I will have to use an ACL to limit this, but I don’t quite understand ACLs.

Ideally I would like to use the DHCP server on VLAN A but if that will not work I can set up another DHCP server on VLAN C. I am using a Ruckus Zone Director and access points for the Wi-Fi. This device can understand VLAN tags so in Building A the access points will be tagged with VLAN A and C, building B will be tagged with B and C.

I am using an HP Procurve 2920 Layer 3 switch in both buildings A and B. The buildings are connected with a wireless bridge.


Thank you for your help,
Sam

CERTIFIED EXPERT

Commented:
Set an ACL to deny IP from VLAN A to VLAN B.

Example: deny ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255

Before that you could use a permit to allow DHCP.

The Ruckus controller should be able to do this well, I believe, as it serves as the traffic cop for the Wi-Fi network. But it has been a while since I used the controller. Ruckus is awesome.

Author

Commented:
Can I apply that to just VLAN C? Would I also have to put a rule to limit the other 30 VLANs on the network (other locations, data center, etc.)?
CERTIFIED EXPERT

Commented:
Yes, the deny statement is based on source and then destination. You can probably summarize the other side as a deny as well instead of 30 additional statements.
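The two answers above (a DHCP permit placed before the deny, and summary denies instead of one entry per internal VLAN) can be checked offline with a small first-match evaluator. This is an added example, not part of the original thread and not switch configuration: the entry syntax is modelled on the deny line quoted above, and the guest subnet 10.0.3.0/24, the DHCP server 10.0.1.10 and the use of RFC 1918 summaries for the internal sites are assumptions.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_acl(text):
    """Parse 'action proto src dst [eq port]'; src/dst is 'any' or 'addr wildcard'."""
    rules = []
    for line in text.strip().splitlines():
        action, proto, *rest = line.split()
        nets = []
        for _ in range(2):                       # source first, then destination
            if rest[0] == "any":
                nets.append((0, 0xFFFFFFFF))
                rest = rest[1:]
            else:
                nets.append((_ip(rest[0]), _ip(rest[1])))
                rest = rest[2:]
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, nets[0], nets[1], port))
    return rules

def _match(addr, net):
    base, wild = net
    care = ~wild & 0xFFFFFFFF                    # wildcard bit 1 means "don't care"
    return (_ip(addr) & care) == (base & care)

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto) or (r_port is not None and r_port != dport):
            continue
        if _match(src, r_src) and _match(dst, r_dst):
            return action
    return "deny"

# Constructed addressing: guest VLAN C = 10.0.3.0/24, DHCP server = 10.0.1.10,
# internal sites assumed to sit in the RFC 1918 ranges (one summary deny per range).
GUEST_ACL = parse_acl("""
permit udp any 255.255.255.255 0.0.0.0 eq 67
permit udp 10.0.3.0 0.0.0.255 10.0.1.10 0.0.0.0 eq 67
deny ip 10.0.3.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 10.0.3.0 0.0.0.255 172.16.0.0 0.15.255.255
deny ip 10.0.3.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip any any
""")
# Same entries with the DHCP permits moved below the denies.
MISORDERED = GUEST_ACL[2:5] + GUEST_ACL[:2] + GUEST_ACL[5:]
```

With MISORDERED, a unicast DHCP renewal from a guest to 10.0.1.10 hits the 10.0.0.0/8 deny first, and an ACL that ends without a final permit ip any any blocks internet traffic too because of the implicit deny. If guests resolve names through an internal DNS server, that traffic needs its own permit above the denies.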

Author

Commented:
The other answers provided did not work.
