cancel
Showing results for 
Search instead for 
Did you mean: 

isolate ip network of vlan from other on same port

isolate ip network of vlan from other on same port

sumeet
New Contributor
Here is the scenario
we have multiple VLAN's configured as follows.

VLAN 2001 setting

create vlan "vlan2001"
configure vlan vlan2001 tag 2001
configure vlan vlan2001 add ports 21-24 tagged
configure vlan vlan2001 ipaddress 10.0.0.1 255.255.255.0
configure vlan vlan2001 dhcp-address-range 10.0.0.3 - 10.0.0.100
configure vlan vlan2001 dhcp-options default-gateway 10.0.0.1
enable ipforwarding vlan vlan2001
enable dhcp ports 21-24 vlan vlan2001

There are lots of other vlans
for example
create vlan "vlan199"
configure vlan vlan199 tag 199
configure vlan vlan199 add ports 21-24 tagged
configure vlan vlan199 ipaddress 172.16.199.1 255.255.255.0
configure vlan vlan199 dhcp-address-range 172.16.199.2 - 172.16.199.200
configure vlan vlan199 dhcp-options default-gateway 172.16.199.1
enable ipforwarding vlan vlan199
enable dhcp ports 21-24 vlan vlan199

Similiarly we have vlan 101 to 198 with ip 172.16.<101-198>.1 and dhcp range 172.16.<101-198>199.2 - 172.16.<101-198>.200
I want that 172.16.<101-199>.x should not be able to ping 10.0.0.x
How should I do that ?

Thanks.
26 REPLIES 26

JeremyClarkson
New Contributor
awesome!

sumeet
New Contributor
did it .
I hosted two virtual routers on port 21 of my switch .
Works as desired.
thank you all .

sumeet
New Contributor
this is what I did

* X460-24t.3 # configure vlan vlan2001 delete ports all
* X460-24t.4 # delete vlan vlan2001
Previously , vlan2001 was in default virtual-router

* X460-24t.5 # virtual-router voip2001
* (vr voip2001) X460-24t.6 # create vlan "vlan2001"
* (vr voip2001) X460-24t.7 # configure vlan vlan2001 tag 2001
* (vr voip2001) X460-24t.8 # configure vlan vlan2001 add ports 21-24 tagged
Error: Port 21 belongs to virtual router VR-Default. VLAN is created on virtual-router voip2001
* X460-24t.11 # configure "VR-Default" delete ports 21-24
Error: Port 21 belongs to 426 VLAN(s). Delete the port from the VLAN(s)
* X460-24t.10 # show virtual-router "VR-Default"
Virtual Router : VR-Default Type : System
Description : Default VR
Operational State : Up
IPv4 Admin State : Enabled IPv6 Admin State : Enabled
IPv4 Route Sharing : Disabled IPv6 Route Sharing : Disabled
L3VPN SNMP Traps : Disabled
Protocols Configured :
--------------------------------------------------------------------
Protocol Process Configuration Protocol
Name Name Module Name Instances
--------------------------------------------------------------------
RIP rip rip 1
R.png r.png r.png 1
--------------------------------------------------------------------
Port List : 1-30
VLANS:
...
lots of vlans
...
Virtual Router Totals :
Total Protocols : 2 Max Protocols : 8
Total Ports : 30
Total Vlans : 428
Total IPv4 Vlans : 427 Total Ipv6 Vlans : 0
Active IPv4 Vlans : 425 Active Ipv6 Vlans : 0
Inactive IPv4 Vlans : 2 Inactive Ipv6 Vlans : 0

Will I have to run
configure vlan delete ports 21-24
for all 428 of these.
Then only I can add two virtual routers (vr-default and voip2001) to ports 21-24 ?

You need to delete the port from all VR's than you can add more vlans (with different VR's to the port). So yes you need to delete the port from all VLANs, than you can delete the port from VR, than you can add those VLANS again to the port. Regards Z.
Regards Zdeněk Pala
GTM-P2G8KFN