3COM VLAN

AXISHK
Do created VLANs route by themselves by default? I have created a few VLANs and they can communicate within each VLAN. Any idea?

Tks
Configuration.txt
If it is anything like HP ProCurve, all VLANs can talk to all VLANs by default. You need to configure ACLs in the Layer3 switch to stop the hopping between VLANs.

The Layer3 switch automatically has a route map. If it knows about all 3 VLANs, it knows how to route them. Apply ACLs to prevent traffic between them.

Have a look at: http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/WLAN/Access_Controller/H3C_WX3000_Series_Unified_Switches/Configuration/Operation_Manual/H3C_WX3000_CG-6W103/201007/685290_1285_0.htm

Specifically, "Assigning an ACL to a VLAN".
This is a quick example I found googling:

acl number 3011
description Inbound vlan 11 traffic
rule deny ip source 10.0.11.0 0.0.0.255 destination 10.0.13.0 0.0.0.255
rule permit ip source any
quit
 
Now go into VLAN interface 11 and apply the ACL:
 
int vlan 11
packet-filter 3011 inbound
quit

You can find more here (message 10 has the full example): http://h30499.www3.hp.com/t5/Comware-Based/Can-we-restrict-routing-between-VLANs-in-A5120-using-ACL/td-p/5398109#.Vfjcc_lVhBc
on vlan-interface1
rule 10 deny ip source 10.0.23.253 destination 10.0.22.253
rule 20 deny ip source 10.0.23.253 destination 10.0.21.253
rule 30 deny ip source 10.0.23.253 destination 10.0.20.253

on vlan-interface10
rule 10 deny ip source 10.0.22.253 destination 10.0.23.253
rule 20 deny ip source 10.0.22.253 destination 10.0.21.253
rule 30 deny ip source 10.0.22.253 destination 10.0.20.253

and so on for interfaces 100 and 200
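
An added example, not part of the original thread: a small first-match evaluator for ACL rules in the syntax used above, useful for checking on paper what an ACL will actually block before it is applied with packet-filter. It assumes Comware-style semantics (the mask after each address is a wildcard/inverse mask, and the first matching rule in configured order wins); the helper names and sample flows are constructed for illustration. It evaluates ACL 3011 written once with a wildcard mask and once with a subnet mask to show how differently the two match.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # wildcard of all ones ignores every bit

def wildcard_match(addr, base, wildcard):
    """Wildcard (inverse) mask: 0 bits must equal base, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_rule(line):
    """Parse 'rule [id] permit|deny ip [source A W|any] [destination A W|any]'."""
    tok = line.split()
    i = 2 if len(tok) > 1 and tok[1].isdigit() else 1
    if tok[0] != "rule" or tok[i] not in ("permit", "deny") or tok[i + 1] != "ip":
        raise ValueError(f"unsupported rule: {line!r}")
    rule = {"action": tok[i], "source": ANY, "destination": ANY}
    i += 2
    while i < len(tok):
        if tok[i] not in ("source", "destination"):
            raise ValueError(f"unsupported keyword: {tok[i]!r}")
        if tok[i + 1] == "any":
            i += 2
        else:
            rule[tok[i]] = (tok[i + 1], tok[i + 2])
            i += 3
    return rule

def evaluate(acl_lines, src, dst):
    """Return the action of the first rule matching src -> dst, or 'no-match'."""
    for rule in map(parse_rule, acl_lines):
        if wildcard_match(src, *rule["source"]) and wildcard_match(dst, *rule["destination"]):
            return rule["action"]
    return "no-match"

# Constructed ACLs: the same rule written with a wildcard mask and with a subnet mask.
ACL_WILDCARD = ["rule deny ip source 10.0.11.0 0.0.0.255 destination 10.0.13.0 0.0.0.255",
                "rule permit ip source any"]
ACL_SUBNET = ["rule deny ip source 10.0.11.0 255.255.255.0 destination 10.0.13.0 255.255.255.0",
              "rule permit ip source any"]

if __name__ == "__main__":
    # Constructed sample flows: VLAN 11 -> VLAN 13, VLAN 11 -> VLAN 12, unrelated hosts.
    flows = [("10.0.11.25", "10.0.13.40"), ("10.0.11.25", "10.0.12.7"), ("192.168.5.0", "172.16.9.0")]
    for src, dst in flows:
        print(f"{src} -> {dst}: wildcard={evaluate(ACL_WILDCARD, src, dst)} "
              f"subnet-mask={evaluate(ACL_SUBNET, src, dst)}")
```

With the subnet-mask form the VLAN 11 to VLAN 13 flow falls through to the permit rule, while unrelated traffic whose last octet is 0 is denied.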

Author

Commented:
Tks
