Comware

  • 1.  Isolate VLAN

    Posted Mar 18, 2021 06:46 AM

    Hello,

    Please excuse my English; I'm French.

    I am looking to isolate 2 VLANs.

    I configured the HPE 5100 (Comware) as below:

    <HPE> VLAN 34
     name "Backup"
    <HPE> VLAN 35
     name "Technician"
    <HPE> Interface vlan-interface 34
     ip address 192.168.34.254 255.255.255.0
    <HPE> Interface vlan-interface 35
     ip address 192.168.35.254 255.255.255.0
    <HPE> Interface GigabitEthernet 1/0/1
     port link-type hybrid
     port hybrid vlan 35 untagged
     port hybrid pvid vlan 35
     undo port hybrid vlan 1
    <HPE> Interface GigabitEthernet 1/0/2
     port link-type hybrid
     port hybrid vlan 35 untagged
     port hybrid pvid vlan 35
     undo port hybrid vlan 1
    <HPE> Interface GigabitEthernet 1/0/45
     port link-type hybrid
     port hybrid vlan 34 untagged
     port hybrid pvid vlan 34
     undo port hybrid vlan 1

     

    To simplify:

    VLAN 34:
     Server1 = 192.168.34.1

    VLAN 35:
     PC1 = 192.168.35.1
     PC2 = 192.168.35.2

    When I ping server 1 with the PC 1 or PC 2, I get a reply.

     

    I would like to know how to isolate the 2 VLANs.

     

    Thank You

    Regards,



  • 2.  RE: Isolate VLAN

    Posted Mar 18, 2021 11:40 AM

    Hi @fouji !

    Yes, you are right, by default the switch will forward traffic between all its Vlan-interfaces with no restriction. Since you need to isolate both VLANs on Layer 3, the best approach will be to use ACLs. Depending on what exactly you need to achieve, this ACL (or multiple ACLs) may look different, but I will share a basic configuration that will help you to achieve what you need:

    system-view
    acl advanced 3000
     rule 10 deny ip destination 192.168.34.0 0.0.0.255
     rule 20 permit ip
    quit
    interface Vlan-interface35
     packet-filter 3000 inbound
    return

     

    This configuration will drop all traffic from Vlan35 destined to Vlan34, but will allow the rest of the traffic, like Internet connection, routing to other Vlans etc. Just keep in mind that traffic from Vlan35 hosts to the IP address of Vlan-interface34 (192.168.34.254) will probably be allowed (that depends on platform), but for sure it will be dropped to all hosts in Vlan34.

    Hope this helps!
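
As an added example that is not part of the original replies: a small Python model of ACL 3000 from reply 2, evaluating the wildcard-mask rules first-match against constructed packets to check which flows the inbound filter on Vlan-interface35 stops. The function names, the subnet-to-interface mapping (taken from the addresses in the question), ascending rule-ID evaluation and the permit fallback are assumptions of this sketch, and it does not model the platform-dependent handling of 192.168.34.254.

```python
import ipaddress

# ACL 3000 rules copied from reply 2.
ACL_3000 = """
rule 10 deny ip destination 192.168.34.0 0.0.0.255
rule 20 permit ip
"""
# Only Vlan-interface35 carries a packet-filter, in the inbound direction.
FILTERS = {("Vlan-interface35", "inbound"): ACL_3000}
# Assumed mapping of subnets to Layer 3 interfaces, from the question.
SUBNETS = {"Vlan-interface34": ipaddress.ip_network("192.168.34.0/24"),
           "Vlan-interface35": ipaddress.ip_network("192.168.35.0/24")}

def parse_rules(text):
    """Parse 'rule <id> <action> ip [destination <addr> <wildcard>]' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        dest = None
        if "destination" in tok:
            i = tok.index("destination")
            dest = (int(ipaddress.ip_address(tok[i + 1])),
                    int(ipaddress.ip_address(tok[i + 2])))
        rules.append((int(tok[1]), tok[2], dest))
    return sorted(rules, key=lambda r: r[0])  # assumption: ascending rule ID

def acl_action(rules, dst):
    """Action of the first matching rule; wildcard bits set to 1 are ignored."""
    d = int(ipaddress.ip_address(dst))
    for _, action, dest in rules:
        if dest is None:
            return action  # 'ip' with no destination matches every packet
        care = ~dest[1] & 0xFFFFFFFF  # invert wildcard into the bits that must match
        if d & care == dest[0] & care:
            return action
    return "permit"  # assumption: the filter does not drop unmatched packets

def ingress_interface(src):
    """Interface whose subnet contains src, or None for any other source."""
    addr = ipaddress.ip_address(src)
    return next((name for name, net in SUBNETS.items() if addr in net), None)

def routed(src, dst):
    """True if a packet passes the inbound filter (if any) where it enters."""
    acl = FILTERS.get((ingress_interface(src), "inbound"))
    return acl is None or acl_action(parse_rules(acl), dst) == "permit"
```

In this model `routed("192.168.34.1", "192.168.35.1")` is still true: packets from VLAN 34 enter on Vlan-interface34, which has no filter, so only the replies from VLAN 35 are dropped. Blocking that direction as well would need a second filter on Vlan-interface34.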

     

     

     



  • 3.  RE: Isolate VLAN

    Posted Mar 19, 2021 08:48 AM

    Thank you very much, it works perfectly.