Hello HP Forum, first-time forum subscriber, long-time product consumer. I am trying to wrap my head around policy-based routing and secure VLAN communication. What I am trying to accomplish is to define which VLANs can communicate and make a policy to route Internet traffic. I am currently trying to configure this on an HP5406zl.

After some googling there are three solutions to this problem. One, I can remove the IP address on the VLAN interface and set the firewall IP address as gateway. Two, I can implement ACLs on the VLAN interfaces to deny traffic to other VLANs. And three, I can create policy-based routing that sets the next hop to the firewall.

I have fairly many VLANs, but the client VLANs consist mostly of teachers and students. I have to create fairly many ACLs for each VLAN interface to hinder communication between student and teacher VLANs. If there were an easier way to do this with policy-based routing, it would be easier to maintain access lists, because then I don't have to deny the traffic from one source to all other destinations and default permit anything else at the bottom of the access list. I could just create an access list that permits traffic from sources to destinations, with a default deny as the last rule in the ACL, and create a policy that sets the next hop to the firewall. Is this possible in a fairly easy way? I want secure inter-VLAN traffic defined with policy-based routing that can also reach the Internet. I currently have a 3Com router that does this today, but I want to replace it with a 5406zl.
To make an example, this is what I want to accomplish.
Student VLAN and student server VLAN can communicate.
Teacher VLAN and teacher server VLAN can communicate.
Both VLANs can reach the Internet with next hop to the firewall.
VLAN56: 10.100.56.0/22 (Student VLAN)
VLAN80: 10.100.80.0/24 (Student Server VLAN)
VLAN160: 10.100.160.0/22 (Teacher VLAN)
VLAN180: 10.100.180.0/24 (Staff Server VLAN)
VLAN10: 10.100.10.0/31 (Transport VLAN for firewall)
FWIP: 10.100.10.1/32
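As an added example (not the original poster's configuration and not taken from HP documentation), here is how the four-VLAN case above could be expressed with one inbound routed ACL per client VLAN plus one PBR policy per client VLAN on the 5406zl. It assumes the ProCurve/ArubaOS-Switch K.15-style CLI (`ip access-list extended`, `class ipv4`, `policy pbr`, `service-policy ... in`); the ACL, class and policy names are made up for illustration, IP routing and the VLAN 10 transport link towards the firewall are assumed to be configured already, and the exact keywords should be checked against the command reference for the firmware actually running on the switch.

```text
; Added example, not from the original post or from HP documentation.
; Assumes ProCurve/ArubaOS-Switch K.15-style CLI on the 5406zl, IP routing
; already enabled, VLAN 10 already configured towards the firewall, and the
; names STUDENT-IN, TEACHER-IN, STUDENT-DEFAULT, TEACHER-DEFAULT,
; PBR-STUDENT and PBR-TEACHER chosen here for illustration only.

ip routing

; --- Routed ACLs (inbound on each client VLAN). The only internal
;     destination a client VLAN may reach is its own server VLAN; every
;     other destination inside 10.100.0.0/16 is dropped; anything outside
;     10.100.0.0/16 (the Internet) is permitted and left to PBR below.
ip access-list extended "STUDENT-IN"
   10 permit ip 10.100.56.0 0.0.3.255 10.100.80.0 0.0.0.255
   20 deny   ip 10.100.56.0 0.0.3.255 10.100.0.0 0.0.255.255
   30 permit ip 10.100.56.0 0.0.3.255 any
   40 deny   ip any any
   exit

ip access-list extended "TEACHER-IN"
   10 permit ip 10.100.160.0 0.0.3.255 10.100.180.0 0.0.0.255
   20 deny   ip 10.100.160.0 0.0.3.255 10.100.0.0 0.0.255.255
   30 permit ip 10.100.160.0 0.0.3.255 any
   40 deny   ip any any
   exit

; --- PBR classes. "ignore" keeps client-to-own-server traffic on the
;     normal routing table; "match" catches everything else the ACL let
;     through (i.e. Internet-bound traffic) for the firewall next hop.
class ipv4 "STUDENT-DEFAULT"
   10 ignore ip 10.100.56.0 0.0.3.255 10.100.80.0 0.0.0.255
   20 match  ip 10.100.56.0 0.0.3.255 any
   exit

class ipv4 "TEACHER-DEFAULT"
   10 ignore ip 10.100.160.0 0.0.3.255 10.100.180.0 0.0.0.255
   20 match  ip 10.100.160.0 0.0.3.255 any
   exit

; --- PBR policies: next hop is the firewall on the VLAN 10 transport link
policy pbr "PBR-STUDENT"
   10 class ipv4 "STUDENT-DEFAULT" action ip next-hop 10.100.10.1
   exit

policy pbr "PBR-TEACHER"
   10 class ipv4 "TEACHER-DEFAULT" action ip next-hop 10.100.10.1
   exit

; --- Bind ACL and PBR policy inbound on the two client VLANs
vlan 56
   ip access-group "STUDENT-IN" in
   service-policy "PBR-STUDENT" in
   exit

vlan 160
   ip access-group "TEACHER-IN" in
   service-policy "PBR-TEACHER" in
   exit
```

Two points worth checking before relying on this. First, a routed ACL applied `in` on VLAN 56 only filters traffic that enters the switch from VLAN 56 and gets routed, so teacher-to-student traffic is stopped by the deny in TEACHER-IN, not by STUDENT-IN; if either ACL is left off, that direction is open. The trailing `deny ip any any` duplicates the implicit deny at the end of a ProCurve ACL and is there only to make the intent visible. Second, the order in which the 5406zl evaluates a routed ACL and a PBR service-policy on the same inbound VLAN, and whether the running firmware supports `policy pbr` at all, should be confirmed in a lab against the release notes before this goes into production; the firewall still has to carry its own rule set for the Internet-bound traffic, since the switch only decides the next hop.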