3COM VLAN
Does created VLANs route by itself by default ? I have created few VLANs and it can communicate within each VLAN. Any idea ?
Tks
Configuration.txt
Tks
Configuration.txt
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
If it is anything like HP Procurve, all VLANs can talk to all VLANs by default. You need to configure acls in the Layer3 switch to stop the hopping between VLANs.
The Layer3 switch automatically has a route map. If it knows about all 3 VLAN's, it knows how to route them. Apply ACLs to prevent traffic between them.
Have a look at: http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/WLAN/Access_Controller/H3C_WX3000_Series_Unified_Switches/Configuration/Operation_Manual/H3C_WX3000_CG-6W103/201007/685290_1285_0.htm
specifically, Assigning an ACL to a VLAN.
The Layer3 switch automatically has a route map. If it knows about all 3 VLAN's, it knows how to route them. Apply ACLs to prevent traffic between them.
Have a look at: http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/WLAN/Access_Controller/H3C_WX3000_Series_Unified_Switches/Configuration/Operation_Manual/H3C_WX3000_CG-6W103/201007/685290_1285_0.htm
specifically, Assigning an ACL to a VLAN.
This is a quick example I found googling:
acl number 3011
description Inbound vlan 11 traffic
rule deny ip source 10.0.11.0 255.255.255.0 destination 10.0.13.0 255.255.255.0
rule permit ip source any
quit
now go into vlan interface 11 and apply the acl
int vlan 11
packet-filter 3011 inbound
quit
You can find more here (message 10 has the full example): http://h30499.www3.hp.com/t5/Comware-Based/Can-we-restrict-routing-between-VLANs-in-A5120-using-ACL/td-p/5398109#.Vfjcc_lVhBc
acl number 3011
description Inbound vlan 11 traffic
rule deny ip source 10.0.11.0 255.255.255.0 destination 10.0.13.0 255.255.255.0
rule permit ip source any
quit
now go into vlan interface 11 and apply the acl
int vlan 11
packet-filter 3011 inbound
quit
You can find more here (message 10 has the full example): http://h30499.www3.hp.com/t5/Comware-Based/Can-we-restrict-routing-between-VLANs-in-A5120-using-ACL/td-p/5398109#.Vfjcc_lVhBc
on vlan-interface1
rule 10 deny ip source 10.0.23.253 destination 10.0.22.253
rule 20 deny ip source 10.0.23.253 destination 10.0.21.253
rule 30 deny ip source 10.0.23.253 destination 10.0.20.253
on vlan-interface10
rule 10 deny ip source 10.0.22.253 destination 10.0.23.253
rule 20 deny ip source 10.0.22.253 destination 10.0.21.253
rule 30 deny ip source 10.0.22.253 destination 10.0.20.253
so on interface 100, 200
rule 10 deny ip source 10.0.23.253 destination 10.0.22.253
rule 20 deny ip source 10.0.23.253 destination 10.0.21.253
rule 30 deny ip source 10.0.23.253 destination 10.0.20.253
on vlan-interface10
rule 10 deny ip source 10.0.22.253 destination 10.0.23.253
rule 20 deny ip source 10.0.22.253 destination 10.0.21.253
rule 30 deny ip source 10.0.22.253 destination 10.0.20.253
so on interface 100, 200
Premium Content
You need an Expert Office subscription to comment.Start Free Trial