Route Subnet to only access 1 IP address on different VLAN HP Procurve

hphp-procurveip-routingroutingvlan

I'm trying to route VLAN 300 which has a subnet 192.168.100.0/26 to only access 10.220.1.10 on VLAN 220 but struggling with the config. HP's documentation from what I can tell just wants me to enable IP RIP but that gives access to the entire 220 VLAN when all I'm trying to do is give access to 10.220.1.10 on VLAN 220

This is for RF Guns connecting to an AS400 server and we are trying to isolate the traffic from everything else. So the RF guns live on VLAN 300 in 192.168.100.0/26 and the AS400 lives on VLAN 220 with 10.220.1.10 as its IP

Best Answer

If you are trying to access a single system on a subnet that has more than one system on it...

I would put a static route on the end systems that specified to reach the 10.220.1.10 system you need to go through the HP router. Then I would use an access list on the router to ensure it is only routing traffic you intend.

You can't use routing to (easily) do what you want because a router thinks in terms of subnets. It thinks about which subnets it has access to based on network address and mask. If it has an interface on the same network as 10.220.1.10 it is going to think of itself as a viable candidate to rout traffic to any host on that subnet. And that isn't what you want, you just want the one host.

Another thing to keep in mind is that routers don't know what VLANs are. Routers are layer 3. Routers only care about IP addresses. They will reference your VLAN through an IP interface, or a Sub-Interface if you are dealing with a VLAN Trunk.

EDIT

If the HP router is also the default gateway, you don't need to worry about any static routes. Just put an ACL on the interface leading to 10.220.1.10.

Related Solutions

Cisco ASA – How to Route PPPoE-Assigned Subnet

How does the ASA know which range it is responsible for on the Fiber interface?

It doesn't. Your ISP knows (hopefully) that hosts within given sub-net are reachable via the ASA. In case the ASA wouldn't have connected peer (or other proper route to), the ping-pong would begin: ISP sends packet to ASA, and the ASA sends it back by its default route. That's why I'd recommend at least adding static route saying that your assigned subnet is reachable via Null device.

How do I use the addresses from my range?

Plenty of ways actually. For e. g., you can NAT your private IPs to some IP within the subnet. You can subnet it further and connect some hosts to your ASA directly on those IPs.

Procurve 2810 command line – reassigning ports to a different VLAN

Using the menu command and running through the menu system is the easiest for beginners.

From the main menu (">" means enter):
2. Switch Configuration > 8. VLAN > 3. VLAN Port Assignment > Edit >
Find the port and vLan, space until it reads as you want.
> to finish, Save >

To do it through the CLI:

conf t
vlan 2
untag 23-24
wr m

The last line saves the configuration to flash (otherwise configuration changes are only saved to RAM (allowing you to easily recover from messed up configuration with a quick power cycle).

Note: since a port can only be assigned to one vlan in untagged mode, when you assign them to vlan2, they'll be automatically removed from 3. For assignments in tagged mode this would not be true. Also you can't actually remove untagged assignments because ports always have to be assigned to some vlan.

Best Answer

Related Solutions

Cisco ASA – How to Route PPPoE-Assigned Subnet

Procurve 2810 command line – reassigning ports to a different VLAN

Related Topic