Hi everyone,
So I had to create an SSID on an OmniVista 2500 only for tablet use. These are automatically mapped into VLAN 403 and cannot communicate with each other.
But now I would like to make it so that it can only communicate with the internet, DNS, DHCP and the RADIUS server.
DNS, DHCP and RADIUS are in VLAN 100 accessible by a single IP address while my exit to the internet is done via a firewall in VLAN 101.
So my question is: how can I only authorize the flows mentioned above without using any ACL (policy condition)?
Thanks
VLAN isolation
Re: VLAN isolation
You need routing and you need policies. You should configure the policies at your router = gateway (switch or firewall).
For you, private VLAN is not a solution. You need ACLs/policies.
BR Silvio
Re: VLAN isolation
Ok thank you.
So it is not at all possible to go with anything other than ACLs? Because ACLs are good but if the network evolves it takes a long time to update them all.
Re: VLAN isolation
To forbid routing you need only to configure the rules at the router.
But I prefer to configure the rules at the edge too. For this you can use OV (e.g. with CLI scripts) to configure all access switches in one step.

