Hi, I have a question. I run a 3810M in Layer 3 mode with 10 VLANs and one ACL on a VLAN. Now I need a Guest VLAN. This VLAN needs Layer 2 function only. This Guest VLAN must be completely isolated from the routing.
What is your opinion on how to set this up?
Hi,
If the Guest VLAN is L2 only on the switches, I don't see any security issues. The L3 interfaces you have on the switches can neither communicate with nor share any information with L3 on the ISP router. Assuming you don't route corporate Internet traffic out using Guest VLAN L3 = only Guest VLAN ports are able to use the ISP router for any routing to the Internet. Corporate users have separate Internet access, right?
If hard isolation is required:
The strict option is to use Private VLAN. This really isolates everything but gives access to the gateway port of the ISP router and, if needed, further isolates traffic between switch ports in the Guest VLAN, so it provides isolation that prevents even Guest VLAN users from seeing each other (p-2-p blocking). I don't think this is what you are seeking, but if required:
https://techhub.hpe.com/eginfolib/Aruba/16.09/5200-5909/index.html#v35726672.html
And you can test your solution with your PC only before finally implementing it in production, to verify.
Br
Juha-Pekka
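One way to check the "L2 only" condition discussed in this thread, as an added example that is not part of either post: a small audit that reads a saved running-config and lists any Layer 3 statements inside the guest VLAN stanza. The sample config is constructed, the VLAN IDs, names, ports and addresses are invented, and the stanza layout ("vlan N" ... "exit") is assumed to match what the switch prints.

```python
import re

# Constructed sample in the style of an ArubaOS-Switch "show running-config";
# VLAN IDs, names, ports and addresses are invented for illustration.
SAMPLE_CONFIG = '''\
vlan 10
   name "Corp"
   untagged 1-24
   ip address 10.0.10.1 255.255.255.0
   exit
vlan 99
   name "Guest"
   untagged 25-40
   tagged 48
   no ip address
   exit
vlan 98
   name "Guest-Old"
   untagged 41-44
   ip address 192.168.98.1 255.255.255.0
   ip helper-address 10.0.10.5
   exit
'''

# Statements that give a VLAN a Layer 3 presence on the switch.
# "no ip address" starts with "no", so it does not match.
L3_PATTERN = re.compile(r"^(ip address|ipv6 address|ip helper-address)\b")

def parse_vlans(config):
    """Return {vlan_id: [stanza lines]} for each 'vlan N' ... 'exit' block."""
    vlans, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"^vlan (\d+)$", line)
        if m:
            current = int(m.group(1))
            vlans[current] = []
        elif line == "exit":
            current = None
        elif current is not None and line:
            vlans[current].append(line)
    return vlans

def l3_findings(config, guest_vlan_id):
    """List the Layer 3 statements found in the guest VLAN stanza."""
    stanza = parse_vlans(config)[guest_vlan_id]  # KeyError if VLAN is absent
    return [line for line in stanza if L3_PATTERN.match(line)]

if __name__ == "__main__":
    for vid in (99, 98):
        print(vid, l3_findings(SAMPLE_CONFIG, vid) or "L2 only")
```

An empty result means the stanza has no switch-side IP interface; it says nothing about port isolation inside the VLAN, which is what the Private VLAN option covers.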