I am looking to do some major work on our infrastructure over the holidays. The network has grown to a size where it is starting to get a little too "chatty" to be one flat network, so I want to split it up for this reason and for other security reasons as well. An HP 5406zl will do our routing, so I am looking for examples of an ACL for the following scenario. Most other switches are 2650s.
Vlan1 - Default - 192.168.1.254
Vlan2 - Building 1 - 192.168.2.254
Vlan3 - Building 2 - 192.168.3.254
Vlan4 - Servers - 192.168.4.254
Vlan5 - Management - 192.168.5.254
I want Building 1 and 2 to be able to route to the servers and vice versa. I don't want building 1 and 2 to route to each other. I have other requirements but I think if I see these examples I can work from there.
Do I need to worry about DHCP etc? Do I need to set up a relay of some sort?
Also, how would we need to configure it so we can use wake on LAN from AB Tutor to turn on all the PCs in Building 1 and 2? Is there going to be a problem with this particular method?
I am currently reading through ftp://ftp.hp.com/pub/networking/soft...6-59913827.pdf but I really need to see some decent working examples so I can get my head around it.
Thanks in advance
Last edited by ChrisH; 14th July 2010 at 01:03 PM.
I could do with something too, or some guidance on VLAN ACLs for HP switches.
Basically we have an HP 5406zl as our core switch and are running three VLANs on it. These are wan, admin and curriculum.
The wan VLAN is there to provide access to the internet (EMBC through Cisco router).
We don't want the admin and curriculum VLANs to be able to talk to each other. We need an ACL to either be applied to the admin VLAN or curriculum VLAN.
I am unsure whether the access-group ACL should be applied to the admin or curriculum VLAN (or maybe both??) and whether it should be applied as an 'in', 'out' or 'vlan'.
For instance would an ACL such as this be applied to the admin VLAN as ip access-group "ACL1" in?
ip access-list extended "ACL1"
10 deny ip 172.16.1.0 0.0.0.255 10.1.68.0 0.0.0.255
20 deny ip 172.16.1.0 0.0.0.255 10.1.69.0 0.0.0.255
30 deny ip 172.16.1.0 0.0.0.255 10.1.70.0 0.0.0.255
40 deny ip 172.16.1.0 0.0.0.255 10.1.71.0 0.0.0.255
50 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Also, what is the best way for it to be applied so that it doesn't apply such a load on the core switch? I remember reading something about applying ACLs as 'out' adds a load to the switch CPU as all the packets have to be assessed??
Thanks in advance!!
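As an added illustration (not part of either post and not HP's own code), the following Python models how an extended ACL like ACL1 above is evaluated: entries are checked in sequence order, the first match wins, and a wildcard bit of 0 means that address bit must match. The sample packets are constructed, and the single-entry ACL1_COMPACT with wildcard 0.0.3.255 is an assumption added here to show that the four /24 deny lines cover one contiguous /22.

```python
import ipaddress

# ACL1 as posted above: (sequence, action, src, src wildcard, dst, dst wildcard)
ACL1 = [
    (10, "deny",   "172.16.1.0", "0.0.0.255", "10.1.68.0", "0.0.0.255"),
    (20, "deny",   "172.16.1.0", "0.0.0.255", "10.1.69.0", "0.0.0.255"),
    (30, "deny",   "172.16.1.0", "0.0.0.255", "10.1.70.0", "0.0.0.255"),
    (40, "deny",   "172.16.1.0", "0.0.0.255", "10.1.71.0", "0.0.0.255"),
    (50, "permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]
# Assumption (not from the thread): 10.1.68.0-10.1.71.255 expressed as one /22 entry
ACL1_COMPACT = [
    (10, "deny",   "172.16.1.0", "0.0.0.255", "10.1.68.0", "0.0.3.255"),
    (20, "permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]
# Constructed sample packets as (source, destination)
SAMPLE_PACKETS = [
    ("172.16.1.25", "10.1.68.10"),   # matches entry 10
    ("172.16.1.25", "10.1.71.200"),  # matches entry 40
    ("172.16.1.25", "10.1.72.1"),    # just outside the denied range
    ("10.1.68.10", "172.16.1.25"),   # reverse direction: source is not 172.16.1.x
    ("172.16.2.25", "10.1.68.10"),   # different source subnet
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def evaluate(acl, src, dst):
    """Return (sequence, action) of the first matching entry, checked top-down."""
    for seq, action, s, sw, d, dw in sorted(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return seq, action
    return None, "deny"  # implicit deny when no entry matches

def same_action(acl_a, acl_b, packets):
    """True when both ACLs reach the same permit/deny verdict for every packet."""
    return all(evaluate(acl_a, s, d)[1] == evaluate(acl_b, s, d)[1] for s, d in packets)

if __name__ == "__main__":
    for src, dst in SAMPLE_PACKETS:
        print(src, "->", dst, evaluate(ACL1, src, dst))
```

The reverse-direction packet falls through to entry 50 because ACL1 only names 172.16.1.0/24 as a source, which is the behaviour to keep in mind when deciding which VLAN and direction the list is bound to.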