I have 4 VLANs on my OS6400 which are mobile on every port; the VLAN for each piece of end equipment is assigned by a RADIUS server based on its MAC address.
VLAN 100 Data
VLAN 200 Voice
VLAN 300 Management
VLAN 400 Internet
On the user side I have an Alcatel 4068 with a PC behind it running Windows XP and a VM for Internet, i.e. 3 VLANs (100, 200 and 400) on one port. Each VLAN has its own IP helper address.
Now I want to isolate VLAN 400 from all the rest, i.e. VLAN 400 cannot communicate with the other VLANs.
I tried this, but now I'm not able to browse the web, as recommended here:
showthread.php?4986-Help-with-condition ... ht=isolate
Code:
policy network group VLAN400 10.0.0.0 mask 255.255.255.0
policy condition VLAN400-TO-ANY source vlan 400
policy condition VLAN400-TO-VLAN400 source vlan 400 destination network group VLAN400
policy action DENY disposition deny
policy action ALLOW
policy rule ALLOW-VLAN400-TO-VLAN400 condition VLAN400-TO-VLAN400 precedence 20 action ALLOW
policy rule DENY-VLAN400-TO-ANY condition VLAN400-TO-ANY precedence 10 action DENY
qos apply

First, the internet router is directly attached to the OS6400, the test environment for the security department. In a second step there will be a proxy server for internet traffic, so the uplink to the internet won't be on the 6400; there will be 2x 9700 in between -> PBR?
My boss wants to see policy conditions on the user switch because he's more comfortable with that. Can somebody help me with that?
Thanks for the help.
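The rule set in the post denies everything sourced from VLAN 400 except traffic to its own subnet, and "everything" includes the Internet router, which is why web browsing stops. The usual way to express "VLAN 400 may talk to the Internet but not to the other VLANs" on an AOS 6 switch is to deny only the destinations you want to protect and let the default disposition (accept) handle the rest. The configuration below is an added example, not the original poster's config or anything from the linked thread; it reuses the command syntax already shown in the post. The subnets for VLANs 100, 200 and 300, and the address of the DHCP/DNS server, are assumptions (the post only gives 10.0.0.0/24 for VLAN 400) and must be replaced with the real ones.

```text
! Added example (not the poster's config). Assumed addressing:
!   VLAN 100 Data       10.1.0.0/24
!   VLAN 200 Voice      10.2.0.0/24
!   VLAN 300 Management 10.3.0.0/24
!   VLAN 400 Internet   10.0.0.0/24   (from the post)
!   DHCP/DNS server     10.3.0.10     (assumed; only needed if it lives inside an isolated VLAN)

! One group for the VLAN 400 subnet, one for all subnets it must not reach.
policy network group VLAN400 10.0.0.0 mask 255.255.255.0
policy network group INTERNAL-VLANS 10.1.0.0 mask 255.255.255.0 10.2.0.0 mask 255.255.255.0 10.3.0.0 mask 255.255.255.0
policy network group INFRA-SERVERS 10.3.0.10 mask 255.255.255.255

! Deny in both directions: VLAN 400 hosts towards the internal subnets,
! and internal hosts towards the VLAN 400 subnet. Anything else (including
! VLAN 400 -> Internet router) is not matched and is accepted by default.
policy condition VLAN400-TO-INTERNAL source vlan 400 destination network group INTERNAL-VLANS
policy condition INTERNAL-TO-VLAN400 source network group INTERNAL-VLANS destination network group VLAN400

! Optional: if DHCP renewals or DNS for VLAN 400 are served from an internal
! subnet, allow that server explicitly. Higher precedence is evaluated first.
policy condition VLAN400-TO-INFRA source vlan 400 destination network group INFRA-SERVERS

policy action DENY disposition deny
policy action ALLOW

policy rule ALLOW-VLAN400-TO-INFRA condition VLAN400-TO-INFRA precedence 30 action ALLOW
policy rule DENY-VLAN400-TO-INTERNAL condition VLAN400-TO-INTERNAL precedence 20 action DENY
policy rule DENY-INTERNAL-TO-VLAN400 condition INTERNAL-TO-VLAN400 precedence 20 action DENY

qos apply
```

After `qos apply`, check the result with `show active policy rule` and confirm that a ping from a VLAN 400 host to a VLAN 100 address fails while a browse to an external address still works. Because the conditions match on destination IP rather than "any", they keep working in the second phase too: when the uplink moves behind the 9700s the VLAN 400 host still enters the network on a 6400 port, so the same rules block it from the internal subnets there, and the only change needed for a proxy setup is to tighten the rule set further (allow VLAN 400 to the proxy address and deny the rest) once that address is known.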
