Comware


Isolate VLAN - 1910 - 500

  • 1.  Isolate VLAN - 1910 - 500

    Posted Apr 04, 2016 06:05 PM

    Hi.

    I would like to know how I can isolate a specific vlan from the other vlans without using an ACL to deny the traffic?

    Denying the traffic through an ACL works, but I would like to do the inverse: isolate VLAN 202 and only permit, through an ACL, the UDP because of the DHCP service and the traffic to the firewall.

    The access switches are 1910 and the core 5500 HI.

    Thanks in advance.


    #isolate
    #VLAN
    #ACL


  • 2.  RE: Isolate VLAN - 1910 - 500

    Posted Apr 05, 2016 02:53 AM

    If VLAN202 has an L3 interface on the switches, you do need an ACL on the L3 switch.
    And for DHCP (relay) you need an L3 interface....

    But if you move the DHCP (relay) function to the firewall, you can make VLAN202 L2 only on the switches, giving you isolation without switch ACLs.



  • 3.  RE: Isolate VLAN - 1910 - 500

    Posted Apr 05, 2016 07:12 AM

    All switches use the DHCP relay function.

    So, the best way to block the inbound traffic from VLAN 202 to 1 is denying the traffic through an ACL?

    Thanks in advance.


    #isolate
    #permit
    #relay
    #VLAN
    #DHCP
    #ACL
    #deny