isolate ip network of vlan from other on same port
‎12-01-2016 03:40 AM
Here is the scenario
We have multiple VLANs configured as follows.
VLAN 2001 setting
create vlan "vlan2001"
configure vlan vlan2001 tag 2001
configure vlan vlan2001 add ports 21-24 tagged
configure vlan vlan2001 ipaddress 10.0.0.1 255.255.255.0
configure vlan vlan2001 dhcp-address-range 10.0.0.3 - 10.0.0.100
configure vlan vlan2001 dhcp-options default-gateway 10.0.0.1
enable ipforwarding vlan vlan2001
enable dhcp ports 21-24 vlan vlan2001
There are lots of other vlans
for example
create vlan "vlan199"
configure vlan vlan199 tag 199
configure vlan vlan199 add ports 21-24 tagged
configure vlan vlan199 ipaddress 172.16.199.1 255.255.255.0
configure vlan vlan199 dhcp-address-range 172.16.199.2 - 172.16.199.200
configure vlan vlan199 dhcp-options default-gateway 172.16.199.1
enable ipforwarding vlan vlan199
enable dhcp ports 21-24 vlan vlan199
Similarly we have vlan 101 to 198 with ip 172.16.<101-198>.1 and dhcp range 172.16.<101-198>199.2 - 172.16.<101-198>.200
I want that 172.16.<101-199>.x should not be able to ping 10.0.0.x
How should I do that?
Thanks.
26 REPLIES
‎12-01-2016 01:06 PM
"This virtual router concept I couldn't grasp."
food for thought????
‎12-01-2016 10:40 AM
Finally my aim is that network of vlan 2001 (10.0.1/24) and vlan1967(172.16.92.1/24) should not be accessible to other vlans.
All other vlans may access each other's gateway.
The trunk port(21-24) will get data of all vlans.
To have less complication let's forget vlan1967.
So, if I could keep vlan 2001 network inaccessible to other vlans.
Also, can do if other vlans do or don't ping each other's network.
This virtual router concept I couldn't grasp.
So if you have the vlan 2001 in the user-defined VR vr-v2001 (just an example for a name) and the vlan 199 in a different user-defined VR, e.g. vr-access, then these VLANs are isolated by default and you don't need any ACLs.
can you not just disable ipforwarding on the default VR?
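For comparison with the virtual-router suggestion quoted above, this is what the ACL alternative could look like for the subnets in the original post, if all VLANs stay in the default VR. It is an added example, not part of the original thread: the policy name isolate2001, the entry name and the counter name are hypothetical, and the 172.16.0.0/16 match is an assumption that also covers 172.16.92.0/24 (vlan1967), so narrow it if that VLAN must be treated differently.

```text
# File isolate2001.pol (hypothetical name), created with: edit policy isolate2001
# Drops any IP packet sourced from the 172.16.x.x user VLANs and destined to
# the vlan2001 subnet. This covers ping and every other protocol.
entry deny-172-to-vlan2001 {
    if match all {
        source-address 172.16.0.0/16 ;
        destination-address 10.0.0.0/24 ;
    } then {
        deny ;
        count to-vlan2001-denied ;
    }
}

# CLI: validate the policy file, then bind it on ingress to the trunk ports
# that carry all the VLANs (ports 21-24 in the original post).
check policy isolate2001
configure access-list isolate2001 ports 21-24 ingress

# CLI: confirm the binding and watch the deny counter while testing
# from a 172.16.199.x client.
show access-list ports 21-24
show access-list counter ports 21-24 ingress
```

Packets that match no entry are still forwarded, so traffic between the 172.16.x.x VLANs is unaffected. Hosts attached on ports other than 21-24 are not covered by this binding.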
‎12-01-2016 10:27 AM
wow...that's a lot....
can you not just disable ipforwarding on the default VR?
‎12-01-2016 10:25 AM
I saw a lot of routes and vlans. What is the solution you plan to build?
‎12-01-2016 10:14 AM
