Comware

Hello,

I have read many posts on this site discussing the 2650's routing abilities and had a quick question to clear things up for me.

When the command "ip routing" is used it enables routing and allows the switch to route between all vlans. If I do not enter the command "ip routing" can I then use static routes to further control routing between the vlans or does the command "ip routing" need to be used before the switch will do any kind of routing and as a result remove any possibility of securing communication between Vlans using the 2650 (Seems silly to be that HP would do this as this is one of the main benefits of Vlans other then separating broadcast domains of course).

I am guessing it is the later however I wanted to be sure. As a result the only way to secure the traffic would be to not use the "ip routing" command on the switch and connect a port from each vlan to an individual interface or sub-interface on a firewall/Router (Router on a stick) to control traffic.

Thank you,

Hi,
with ip routing enabled all vlans with an ip address will be routed automatically. so to keep a vlan from beeing routed just don't give it an ip address. as far as i know the 2650 doesn't support acl, so if you want more control you need the firewall/router solution.
hth
alex

Hi,

Thanks for your reply EckerA makes sense to me and it does help with my scenario (Itâ s KISS situation for sure ï â ¦ and I donâ t mean I want to kiss you I mean â keep it simple stupidâ ); however I still would like a more concrete answer to my above questionâ ¦ Can I route without using the â ip routingâ command with static routes or does â ip routingâ need to be used for any routing to take place on the 2650 switch.
Regards,

yes you need to enable ip routing for any routing to happen. static routes only works if ip routing is enabled.
hth
alex