2 Replies Latest reply on Jun 30, 2015 12:58 PM by noor

    Port Protection - VLAN Configuration

    kjohanson New Member

      I am new to Adtran products and this support site so thanks for taking the time to read this.

       

      What I am trying to accomplish is the following with a 1531P swtich.

       

      I have a small office network and want to divide up the network for security.  There are three segments in total. 

       

      1.  LAN - Workstations, label printers etc.

       

      2.  WLAN - Secured access but these users do not need to talk to the LAN segment.

       

      3.  Network Printers - These printers need to be accessible to both segment 1 and 2.  + Outbound access to router / internet

       

      I have tried to do my homework on this matter and believe I understand what to do but am not completely confident. 

       

      It appears that if I was to setup VLANS for segment 1, 2 and 3 this would separate the subnets which is a start.  However I also read that if I enable port protection for segment 1 and 2 this will absolutely prevent any communication between these segments which is what I want.  If not and someone was smart enough they could hard code an IP from segment 1 while they are on the WLAN and browse resources which defeats the purpose of my goal.  This seems to be what inter VLAN routing is. Segment 3 would remain unprotected. 

       

      In some brands this seems to be called private VLAN but I am not sure if Adtran supports this or not.  This to me is the ideal setup, segment 1 and 2 can not communicate but segment 1 can communicate with segment 3 and segment 2 can communicate with segment 3. 

       

      Am I on the right path or is this type of configuration not something which is supported in the 1531P product?

       

      Thanks! 

        • Re: Port Protection - VLAN Configuration
          evanh Employee

          Kyle,

           

          Port protection itself is more intended to be switch specific and would actually create complete client separation as protected ports cannot talk to other protected ports, but can talk to non-protected ports.

           

          What you should use is filtering at the device which routes the traffic. If it is your 1531, or another L3 ADTRAN NetVanta switch you will need to use hardware ACLs explained in Configuring Hardware ACLs in AOS.

           

          Thanks,

          Evan

            • Re: Port Protection - VLAN Configuration
              Employee

              I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

               

              Thanks,

              Noor