ExtremeCloud IQ- Site Engine & Extreme Management Center

Expand all | Collapse all

VLAN separation with common access to one vlan

  • 1.  VLAN separation with common access to one vlan

    Posted 10-11-2017 10:34
    Hello,
    our customer has 18 tenants in a building which share a common it infrastructure. Each tenant should be able to access the common resource telephone system and internet. The tenant networks should be separated.
    What I did:
    a vlan for each tenant with an ip address as a tenant gateway
    ipforwarding for all vlans
    Is there a possibility to separate the tenant networks, without for each tenant a traffik deny for all other tenants to place?
    Switch: X460 G2, FW: 22.3.1.4
    Software: NetSight
    Thanks in advance
    Best Regards
    Juergen Graefe


  • 2.  RE: VLAN separation with common access to one vlan

    Posted 10-11-2017 10:37


  • 3.  RE: VLAN separation with common access to one vlan

    Posted 10-11-2017 10:38
    Or use the ACL with ICMP redirect to force the Stream to (for example) a firewall.

    Don't forget to implement the return of the Stream !



  • 4.  RE: VLAN separation with common access to one vlan

    Posted 10-11-2017 11:21
    Thanks pascal for your replay.
    I have private vlan "inet" configured
    create private-vlan InetPriv
    configure private-vlan InetPriv add networkv "Inet"
    If I then try to add a tenant vlan as "non-isolated"
    configure private-vlan InetPriv add subscriber "ForIB" non-isolated
    I get the error "Subscriber VLAN can not have ip address Configured"
    This IP address I need, but nevertheless the routing for this tenant works?



  • 5.  RE: VLAN separation with common access to one vlan



  • 6.  RE: VLAN separation with common access to one vlan

    Posted 10-17-2017 08:03
    I have solved the problem by having ipforwarding enabled for all vlans and
    for each tenant I has created an access list with a mutual exclusion.
    Thanks for replay


  • 7.  RE: VLAN separation with common access to one vlan

    Posted 10-17-2017 09:41
    This it what I used ... ACLs are very easy with Extreme Networks :)

    It's not the case with Cisco ...

    Anyway your problem was solved : Great !