Comware


5300 procurve inter-vlan routing/ACL

  • 1.  5300 procurve inter-vlan routing/ACL

    Posted Mar 04, 2005 06:19 AM
    I have two 5300 series procurve switches with 2 static (not including default) VLANs defined.
    I need to accomplish two tasks:
    1) enable a host (and only that host) from vlan-a to access a host (and only that host) on vlan-b

    and

    2) enable all hosts on vlan-b to access a host (printer - and of course, only that printer) on vlan-a

    I could do it through an external router/firewall device, but would rather have it performed internally in the switches...
    any help is much appreciated...


  • 2.  RE: 5300 procurve inter-vlan routing/ACL

    Posted Mar 05, 2005 06:51 PM
    access-list 101 permit ip host a.b.c.d host e.f.g.h
    access-list 101 permit ip any host e.f.g.i


    then

    vlan a access-group 101 in

    where a.b.c.d is the ip address of the vlan-a host and e.f.g.h is the IP address of the vlan-b host from 1)

    e.f.g.i is the IP address of the printer.

    a is the vlan number of vlan-a

    The list has an implicit deny ip any any at the end so that's all the traffic it will pass at layer 3. If there were a router with connection to the internet involved then we would need to add

    access-list 101 deny ip any e.f.g.0 0.0.0.255
    access-list 101 permit ip any any

    Ron


  • 3.  RE: 5300 procurve inter-vlan routing/ACL

    Posted Mar 07, 2005 04:27 AM
    Thanks,
    Carl.


  • 4.  RE: 5300 procurve inter-vlan routing/ACL

    Posted Mar 07, 2005 04:28 AM
    Solution was simple ACL as demonstrated in thread reply.