So I am working on a RAP155 and I have my port configuration profile all set up. I am trunking six VLANs across it for testing and it works. The trunked port on the RAP155 is connected to a trunked port on an old Cisco 3750 and and I can break out the VLANs onto different access ports and can ping back to the controller and even have Internet access through the tunnel. Happy happy joy joy!
The problem is that there is cross VLAN communication and I don't want that. So I go into each VLAN IP INTERFACE configuration on the controller and DISABLE Inter-VLAN Routing (you know, UN-check the little box) and yet I can still ping across VLANs. Not cool.
Side note, all of the VLANs in question "live" on the controller
Anyone have any insight?
No Inter VLAN Routing, means that that client cannot use the ip interface of the controller to route traffic to other subnets. If the client's default gateway is not the controller, that enforcement will not take place.
This was designed to protect against clients changing their default gateway to a controller ip interface in order to circumvent traditional routing.
Hey CJ, to clarify, I am using the controller IPs of these vlans for the gateways for the test clients. There is no DHCP, everything has to be set statically.
That's why I thought disabling inter vlan routing would stop the cross vlan communication. Yet, it is still happening. See my confusion?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.