VLAN Configuration for HP 5120-48G EI Switch with 2 Interface Slots (JE069A)
(OP)
I recently got 3 new HP 5120-48G EI Switch with 2 Interface Slots (JE069A). Each switch is currently fitted with 1 local connect module and they effectively function as a stacked switch. I would like to partition my network as below. I currently do not have any experience with VLANs and, based on my assumptions and understanding of VLANs, I presume the following can be done. Please let me know if this is actually possible and how to achieve it. Attached is a visual of how my switch would be partitioned with VLANs.
(Visio diagram as attached)
S1 = Windows AD Domain Controller
S2 = Internet Gateway
S3 = Confidential File Server
S4 = General File Server
Team A = VLAN 1
Team B = VLAN 2
Team C = VLAN 3
Team D = VLAN 4
Team E = VLAN 5
Team F = VLAN 6
VLAN 1 can only see S1, S4
VLAN 2 can only see S1, S2, S4
VLAN 3 can see everything
VLAN 4 can only see S2
VLAN 5 can only see S2
VLAN 6 can only see S2
RE: VLAN Configuration for HP 5120-48G EI Switch with 2 Interface Slots (JE069A)
That was true 20 years ago, before Windows NT.
Nowadays, security is provided through identity management & authentication, in your case, AD. It boggles my mind that educational institutions and networking equipment vendors still all use this workgroup segregation as their prime example of the use of VLANs. Nobody in their right mind uses VLANs for this on a corporate network.
It's a complete waste of time devising a complex network design for a purpose which has been superseded 20 years ago.
The purpose of VLANs is to segregate traffic for performance purposes and to break down broadcast domains, again for performance purposes.
The most important thing is to make it simple in order to make it easy to support. Making it complicated astronomically increases your risk of configuration mistakes and security incidents due to staff not understanding the implications or details of changes they make.
RE: VLAN Configuration for HP 5120-48G EI Switch with 2 Interface Slots (JE069A)
e.g.
interface GigabitEthernet1/0/1
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 5 untagged
 port hybrid pvid vlan 5
:
:
interface GigabitEthernet1/0/9
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 6 untagged
 port hybrid pvid vlan 6
- add ACLs with "packet-filter" to all ports for your subnets: http://www.h3c.com/portal/download.do?id=1290690
Don't forget to install the latest firmware: https://h10145.www1.hp.com/downloads/SoftwareRelea...
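
Added example, not part of the thread and not HP/H3C's own code: a Python sketch that turns the "can only see" list from the original post into one Comware ACL per VLAN for use with `packet-filter`, then checks the rules against that list. The server addresses, the ACL numbering (3000 + VLAN ID) and the reading of "can see everything" as permit-all are assumptions.

```python
# Constructed values: server addresses use the RFC 5737 documentation range.
SERVERS = {
    "S1": "192.0.2.11",  # Windows AD Domain Controller
    "S2": "192.0.2.12",  # Internet Gateway
    "S3": "192.0.2.13",  # Confidential File Server
    "S4": "192.0.2.14",  # General File Server
}
# Access list as stated in the original post; None = "can see everything".
MATRIX = {1: ["S1", "S4"], 2: ["S1", "S2", "S4"], 3: None,
          4: ["S2"], 5: ["S2"], 6: ["S2"]}
ACL_BASE = 3000  # assumption: ACL number = 3000 + VLAN ID (advanced IPv4 ACL)

def build_rules(vlan):
    """Return [(rule_id, action, dest_or_None)]: permits first, deny-all last."""
    if MATRIX[vlan] is None:
        return [(0, "permit", None)]
    rules = [(i * 5, "permit", SERVERS[s]) for i, s in enumerate(MATRIX[vlan])]
    rules.append((len(rules) * 5, "deny", None))
    return rules

def render(vlan):
    """Render the rules as Comware ACL text plus the per-port packet-filter line."""
    lines = [f"acl number {ACL_BASE + vlan}"]
    for rid, action, dest in build_rules(vlan):
        match = f" destination {dest} 0" if dest else ""
        lines.append(f" rule {rid} {action} ip{match}")
    lines.append(f"# in interface view of each port with PVID {vlan}:")
    lines.append(f" packet-filter {ACL_BASE + vlan} inbound")
    return "\n".join(lines)

def allowed(vlan, dest_ip):
    """Evaluate rules in rule-ID order; the first matching rule decides."""
    for _rid, action, dest in build_rules(vlan):
        if dest is None or dest == dest_ip:
            return action == "permit"
    return False

def audit():
    """Return every (vlan, server) pair where the rules disagree with MATRIX."""
    return [(v, s) for v in MATRIX for s, ip in SERVERS.items()
            if allowed(v, ip) != (MATRIX[v] is None or s in MATRIX[v])]

if __name__ == "__main__":
    print("\n\n".join(render(v) for v in sorted(MATRIX)))
    print("mismatches:", audit())
```

The closing `deny ip` rule matches all other IPv4 traffic entering the port, so anything else the clients need has to be permitted explicitly ahead of it.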