Occasional Contributor
Posts: 6
Registered: ‎09-19-2016

Block VLAN traffic from accessing other VLANs, except for internet and IP phone, via ACL.

Hi All,

I am new to Brocade. I would appreciate it if anyone can guide or advise whether the requirement below is configurable. Thanks.

Requirement:

Block VLAN 80 traffic from accessing other VLANs, except for internet and IP phone, via ACL.

Issue encountered:

Currently all IP phones are connected to the IP PBX server on VLAN 10.

ICX6610 Current Configuration:

ver 08.0.10gT7f3
!
stack unit 1
module 1 icx6610-24f-sf-port-management-module
module 2 icx6610-qsfp-10-port-160g-module
module 3 icx6610-8-port-10g-dual-mode-module
stack-trunk 1/2/1 to 1/2/2
stack-trunk 1/2/6 to 1/2/7
stack-port 1/2/1 1/2/6
stack enable
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
spanning-tree priority 4096
!
vlan 10 name LAN by port
tagged ethe 1/1/1 to 1/1/24 ethe 1/3/2 to 1/3/8
router-interface ve 10
spanning-tree priority 4096
!
vlan 80 name GUEST by port
tagged ethe 1/1/1 to 1/1/24 ethe 1/3/2 to 1/3/8
router-interface ve 80
spanning-tree priority 4096
!
vlan 100 name server by port
tagged ethe 1/1/1 to 1/1/24 ethe 1/3/2 to 1/3/8
untagged ethe 1/3/1
router-interface ve 100
spanning-tree priority 4096
!
vlan 250 name CCTV by port
tagged ethe 1/1/1 to 1/1/24 ethe 1/3/2 to 1/3/8
router-interface ve 250
spanning-tree priority 4096
!
vlan 1000 by port
tagged ethe 1/1/1 to 1/1/24 ethe 1/3/2 to 1/3/8
router-interface ve 1000
spanning-tree priority 4096

Brocade Moderator
Posts: 236
Registered: ‎06-30-2010

Re: Block VLAN traffic from accessing other VLANs, except for internet and IP phone, via ACL.

Hi,

The easiest way to achieve what you are proposing is to apply an ACL on each of the Ve to permit or deny IP addresses associated with Ve 80.

i.e.

On Ve 10, no ACL is required, as you want to permit all.

On Ve 100, the first line of the ACL should deny the IP of Ve 80 and the 2nd line should permit any any.

Do not forget the implicit deny on the ACL, which will deny all at the end of the ACL, so a permit will be required to allow permitted traffic.

Regards

Mick



Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
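
The rule ordering described in the reply above, as an added example that is not part of the original thread and is not Brocade code: a small Python model of first-match ACL evaluation with the implicit deny, plus two checks for the mistakes the reply warns about. The subnets and host addresses are constructed (the thread never gives them), and the model covers only rule order, not FastIron syntax or the direction in which the ACL is bound to a Ve.

```python
import ipaddress

ANY = "0.0.0.0/0"
GUEST = "192.168.80.0/24"   # constructed: assumed subnet behind Ve 80


def net(cidr):
    return ipaddress.ip_network(cidr)


def evaluate(acl, src, dst):
    """First matching entry wins; if nothing matches, the implicit deny applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in net(src_net) and d in net(dst_net):
            return action
    return "deny"


def shadowed(acl):
    """Indexes of entries that can never match because an earlier entry covers them."""
    hits = []
    for i, (_, s, d) in enumerate(acl):
        for _, ps, pd in acl[:i]:
            if net(s).subnet_of(net(ps)) and net(d).subnet_of(net(pd)):
                hits.append(i)
                break
    return hits


def permits_nothing(acl):
    """True when the ACL has no permit entry, so every packet is dropped."""
    return all(action != "permit" for action, _, _ in acl)


# Ve 100 ACL as described in the reply: deny Ve 80 sources, then permit any any.
VE100 = [("deny", GUEST, ANY), ("permit", ANY, ANY)]
# Two constructed mistakes: trailing permit forgotten, and lines in the wrong order.
NO_PERMIT = [("deny", GUEST, ANY)]
WRONG_ORDER = [("permit", ANY, ANY), ("deny", GUEST, ANY)]

if __name__ == "__main__":
    guest, lan, server = "192.168.80.25", "192.168.10.40", "192.168.100.10"  # constructed hosts
    for name, acl in [("VE100", VE100), ("NO_PERMIT", NO_PERMIT), ("WRONG_ORDER", WRONG_ORDER)]:
        print(name, "guest->server:", evaluate(acl, guest, server),
              "| lan->server:", evaluate(acl, lan, server),
              "| shadowed:", shadowed(acl), "| permits nothing:", permits_nothing(acl))
```

Running the same two checks over every ACL before it is applied catches a deny placed after `permit any any` and an ACL that would drop all traffic.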
