Solved

VLAN Communication


Hi Dears,

I have 5 VLANs:

1. VLAN10 ID: 10 (used for the IT Department)
2. VLAN20 ID: 20 (used for the HR Department)
3. VLAN30 ID: 30 (used for the ADMIN Department)
4. VLAN40 ID: 40 (used for the HR Department)
5. VLAN50 ID: 50 (used for Servers)

My requirement is:

All VLANs can communicate only with VLAN50, and the other VLANs should not communicate with each other.
That means:

VLAN10 will not communicate with VLAN20, VLAN30 and VLAN40, but it should communicate with VLAN50.

Likewise, VLAN20, VLAN30 and VLAN40 should not communicate with each other, but users in all VLANs can communicate with VLAN50.


Please suggest how to configure this on an Extreme switch.

The switch model is X670.

Best answer by Tomasz 8 December 2018, 22:48

Hi,

I would think of ACLs or PVLANs set for VLAN translation.
For VLAN translation, please see chapter 15 of EXOS User Guide and consider whether it will fit our requirements: https://documentation.extremenetworks.com/exos_22.5/EXOS_User_Guide_22_5.pdf
For ACLs, it depends on what you want to do with the traffic by default. You can create a wildcard ACL (applied to the entire switch) that denies particular combinations of source/destination subnets. Or a per-VLAN ACL that will block other destination subnets. Or a per-VLAN ACL that will allow particular subnets and deny all the rest. There are many different ways you can limit that. I didn't see any use of VLAN translation for that, but it seems to be the most convenient for such a scenario.

Hope that helps,
Tomasz
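The per-VLAN "block other destination subnets" option from the answer above, as an added example that is not part of the original thread or of Extreme's documentation: a Python sketch that renders one EXOS policy file per user VLAN and checks the resulting reachability matrix. The subnets, entry names and policy names are assumptions, since the thread gives only VLAN names and IDs.

```python
import ipaddress

# Constructed addressing plan (assumption): the thread does not state any subnets.
SUBNETS = {
    "VLAN10": "10.0.10.0/24",
    "VLAN20": "10.0.20.0/24",
    "VLAN30": "10.0.30.0/24",
    "VLAN40": "10.0.40.0/24",
    "VLAN50": "10.0.50.0/24",  # servers
}
SERVER_VLAN = "VLAN50"

def deny_rules(vlan):
    """Destinations an ingress ACL on `vlan` must deny: every other user VLAN."""
    return [(other, net) for other, net in SUBNETS.items()
            if other not in (vlan, SERVER_VLAN)]

def render_policy(vlan):
    """Render EXOS policy-file text (entry / if / then) for one user VLAN."""
    entries = []
    for other, net in deny_rules(vlan):
        entries.append(
            f"entry deny_{vlan}_to_{other} {{\n"
            f"    if {{\n        destination-address {net};\n    }} then {{\n"
            f"        deny;\n    }}\n}}")
    return "\n".join(entries) + "\n"

def allowed(src_vlan, dst_ip):
    """Model the ACL: a matching deny entry drops, no match is forwarded."""
    if src_vlan == SERVER_VLAN:
        return True  # no ACL is bound to the server VLAN in this sketch
    dst = ipaddress.ip_address(dst_ip)
    return not any(dst in ipaddress.ip_network(net)
                   for _, net in deny_rules(src_vlan))

def matrix():
    """Reachability for one sample host (.10) per VLAN, keyed by (src, dst)."""
    hosts = {v: str(ipaddress.ip_network(n)[10]) for v, n in SUBNETS.items()}
    return {(s, d): allowed(s, hosts[d]) for s in SUBNETS for d in SUBNETS}

if __name__ == "__main__":
    for v in SUBNETS:
        if v != SERVER_VLAN:
            # Hypothetical policy name <vlan>_acl, saved as <vlan>_acl.pol
            print(f"# bind with: configure access-list {v}_acl vlan {v} ingress")
            print(render_policy(v))
```

Because these ACLs are stateless and match only on destination, replies from VLAN50 pass because nothing is bound to the server VLAN; the "allow particular subnets and deny all the rest" variant would also need a permit for each VLAN's own subnet and gateway.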
