Hi all,
I am busy creating a new network plan with VLAN's and stuff. Now I am facing a problem I cannot fix on my own, so I hope somebody can give me a little help.
I have the following VLAN's:
1 - Default
2 - Servers
9 - Management
10 - Users
I have put ip helpers for DHCP and a IP interface in all of the VLAN's with forward on. This is needed because I need to get by example from VLAN 10 to 2.
But now I want to block by example traffic from VLAN 10 to VLAN 1 and VLAN 9 and from VLAN 1 to VLAN 9. Is this possible? And if so, how can I put this in my 6850?
Thanks for the help!
Block traffic between VLAN's
-
torrentula
Re: Block traffic between VLAN's
I believe you would use ACL's.
You can read up on it, the documentation for your switches can be found here:
http://www1.alcatel-lucent.com/enterpri ... witch.html
You can read up on it, the documentation for your switches can be found here:
http://www1.alcatel-lucent.com/enterpri ... witch.html
-
benny
Re: Block traffic between VLAN's
Hi,
There is a new public resource library for documentation: http://enterprise.alcatel-lucent.com/?d ... ge=Landing
Search for your product to find PDF documentation for OS6850 AOS 6.3.4.R01 ...
The old page is not updated any more - I will adapt my signature.
The right way to go are ACLs. With AOS 6.3.4.R01 you get a new option.
UNP = User Network Profile
You can already use UNP in 6.3.1.R01 but you can't map them with a policy (ACL) list.
In 6.3.4.R01 you can map two different UNPs e.g. "Guest" and "Engineering" with different policy lists and therefore allow communication or deny it. This is not only limited to allow/deny but also .1p stamping / bandwidth limiting etc, etc etc.
-benny
There is a new public resource library for documentation: http://enterprise.alcatel-lucent.com/?d ... ge=Landing
Search for your product to find PDF documentation for OS6850 AOS 6.3.4.R01 ...
The old page is not updated any more - I will adapt my signature.
The right way to go are ACLs. With AOS 6.3.4.R01 you get a new option.
UNP = User Network Profile
You can already use UNP in 6.3.1.R01 but you can't map them with a policy (ACL) list.
In 6.3.4.R01 you can map two different UNPs e.g. "Guest" and "Engineering" with different policy lists and therefore allow communication or deny it. This is not only limited to allow/deny but also .1p stamping / bandwidth limiting etc, etc etc.
-benny
-
Tha_Duck
Re: Block traffic between VLAN's
I am afraid I have to learn how the ACL's are working on Alcatel. Too bad, but no other way 
I am now able to block traffic between 2 IP addresses (or subnets I suppose). But I cannot use source and destination vlan in 1 condition. Also now my switch is set to accept any traffic, it should be set to deny everything except the rules I make. But I am a little scared about changing that in a production environment
If anybody can give me a workaround hint for the source/destination vlan it would be great!
Thanks for your time guys, I really appreciate it!
I am now able to block traffic between 2 IP addresses (or subnets I suppose). But I cannot use source and destination vlan in 1 condition. Also now my switch is set to accept any traffic, it should be set to deny everything except the rules I make. But I am a little scared about changing that in a production environment
If anybody can give me a workaround hint for the source/destination vlan it would be great!
Thanks for your time guys, I really appreciate it!
-
benny
Re: Block traffic between VLAN's
There is something called the "bridged default disposition" and "routed default disposition" - if you change them to "deny/drop" only the traffic you allow/permit would be accepted.
This actually takes a lot of practise and I strongly advise not to try it in a production network.
You can verify the current setting with "show qos config".
Good luck.
-b
This actually takes a lot of practise and I strongly advise not to try it in a production network.
You can verify the current setting with "show qos config".
Good luck.
-b
