Inter Vlan omniswitch 6400-P48

[avrilspirit]

yes excuse me, i have forget one screenshot but it's realized but the same things...

[benny]

Please post the full output of:

Switch-> write terminal

Thanks ... its just much easier than the WebView...

-benny

[avrilspirit]

write terminal
! Chassis :
system name vxTarget
! Configuration:
! VLAN :
vlan 1 enable name "VLAN 1"
vlan 2 enable name "VLAN 2"
vlan 2 port default 1/2
vlan 2 port default 1/3
vlan 2 port default 1/4
vlan 3 enable name "VLAN 3"
vlan 3 port default 1/5
vlan 3 port default 1/6
vlan 3 port default 1/7
vlan 3 port default 1/8
vlan 4 enable name "VLAN 4"
vlan 4 port default 1/9
vlan 4 port default 1/10
vlan 4 port default 1/11
vlan 4 port default 1/12
vlan port mobile 1/14
vlan port mobile 1/15
vlan port mobile 1/16
vlan port mobile 1/17
vlan port mobile 1/18
vlan port mobile 1/19
vlan port mobile 1/20
vlan port mobile 1/21
vlan 1 ip 192.168.91.0 255.255.255.0
vlan 2 ip 192.168.92.0 255.255.255.0
vlan 3 ip 192.168.93.0 255.255.255.0
vlan 4 ip 192.168.94.0 255.255.255.0
! VLAN SL:
! IP :
ip service all
icmp unreachable net-unreachable disable
ip interface "vlan 1" address 192.168.91.1 mask 255.255.255.0 vlan 1 ifindex 1
ip interface "vlan 2" address 192.168.92.1 mask 255.255.255.0 vlan 2 no forward ifindex 2
ip interface "vlan 3" address 192.168.93.1 mask 255.255.255.0 vlan 3 no forward ifindex 3
ip interface "vlan 4" address 192.168.94.1 mask 255.255.255.0 vlan 4 no forward ifindex 4
! IPX :
! IPMS :
! AAA :
aaa authentication console "local"
aaa authentication http "local"
! PARTM :
! AVLAN :
! 802.1x :
! QOS :
! Policy manager :
! Session manager :
! SNMP :
! RIP :
! OSPF :
! BGP :
! IP multicast :
! IPv6 :
! RIPng :
! OSPF3 :
! Health monitor :
! Interface :
! Port Mapping :
! Link Aggregate :
! VLAN AGG:
! 802.1Q :
! Spanning tree :
bridge mode 1x1
! Bridging :
! Bridging :
! Port mirroring :
! UDP Relay :
! Server load balance :
! System service :
! SSH :
! VRRP :
! Web :
! AMAP :
! Lan Power :
! NTP :
! RDP :
! VLAN STACKING:
->

[benny]

Ok, the issue is clear ...

ip interface "vlan 2" address 192.168.92.1 mask 255.255.255.0 vlan 2 no forward ifindex 2
ip interface "vlan 3" address 192.168.93.1 mask 255.255.255.0 vlan 3 no forward ifindex 3
ip interface "vlan 4" address 192.168.94.1 mask 255.255.255.0 vlan 4 no forward ifindex 4

You set the interfaces to "no forward" therefore they won't act as gateways between the networks.

-benny

[avrilspirit]

ok
thanks for all
it's works now, sorry for the disturbance.
it's the first time that i work with this equipment and i am in training course

[benny]

You are welcome.

This is actually the intention of this forum - to help newcomers.

Hope you are happy with the equipment.

-benny

[avrilspirit]

now all work (with port and with Mac address). But now all vlan can speack with each other.
I would like to put some restriction like ACL but i don't find in the documentation or directely in the web interface.
I don't know if it's in "IP interface" or in "security".

Example:
Now i have 3 vlans:
vlan 1 ip 192.168.91.0 255.255.255.0
vlan 2 ip 192.168.92.0 255.255.255.0
vlan 3 ip 192.168.93.0 255.255.255.0

the vlan 2 is the computing service
the vlan 1 is when one people come in the firm just to have internet.
the vlan 3 is all others service of the firm.

I would like that the vlan 2 could speak and access to the vlan 1 and 3 (but not contrary).
And after i would like that Vlan1 and Vlan3 don't speack together.

It's just routing with interface ? or it's in one other category ?


thanks again

[benny]

Have a look at the "Policy" rules. There is a very good description in the network configuration manual.

The section is Policy/QoS.

-benny

[avrilspirit]

ok
i have read the documentation and it's hard to understand...
i have try to identify my case compare to one other in the documentation..
but if i have well understand, i must create :
- one condition
- one action
- and one rule.

but i don't know what use..

for my example:
the vlan 2 is the computing service
the vlan 1 is when one people come in the firm and plug in,just to have internet.
the vlan 3 is all others service of the firm.

for the vlan 1 i think it is:
policy condition internetvlan1 source vlan 1
policy action route permanent gateway ip "router ip"
policy rule regle1 condition internetvlan action route

what do you think abot this ?

but for a communication between 2 vlan and to apply restriction on each, i don't know how can i do...

[benny]

You could e.g. build a policy condition which matches on your source to destination network IP ranges and then deny the traffic.

Be aware that building a huge ACL takes time and isn't so easy.

There is a built-in group called "Switch" (case-sensitive) which will always represent all IP interfaces of the switch. This way you can easily deny management access to the device (creating a rule which denies it and a rule which allows it for specific devices).

Before starting over you should read into the "precedence" setting for the policies to find out how to put rules in "correct order".

-benny