Might it be easier to control the VLAN access with ACLs instead of policy?
If you do use policy though, I think the C can allow access to a particular port for a certain subnet or IP.

-----Original Message-----
From: [email protected] [[email protected]]
Received: Friday, 27 Apr 2012, 5:36am
To: Enterasys Customer Mailing List [[email protected]]
Subject: [enterasys] Routing and Policy on C5

Hi,

we have different VLANs routed on a C5. We now want to separate the VLANs with Policy, for example VLAN A has full connectivity to VLAN B, but only Port 80 to VLAN C. All devices in VLAN C have full access to the devices in the same VLAN, but from VLAN A, only Port 80 is accepted.

Has anyone an idea how to map this with policy?

If I create a role for VLAN A that denies all traffic and create a service that allows port 80 with the IP address of VLAN C, it does not work (I think because the traffic from VLAN A to its default gateway is blocked). If I allow communication with the default gateway, I can connect non-restricted to VLAN C.

Otherwise, if I create a role for VLAN A that permits everything, I have to create many rules for VLAN C, so that only port 80 is allowed from VLAN A as source.

I hope this is comprehensible. Has anyone an idea for this case?

Kind Regards
Ralf Lutz

Stadt Heidelberg
Personal- und Organisationsamt
Abt. Informationsverarbeitung
Marktplatz 10
69117 Heidelberg
Tel. +49 62 21 58 11 14 0
Fax +49 62 21 58 46 11 14 0
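The ACL approach suggested in the reply, sketched as an added example that is not part of the original thread: a vendor-neutral Python model of a first-match IP ACL applied to traffic entering from VLAN A. It is not Enterasys CLI syntax, and the subnets, addresses and function names are constructed for illustration.

```python
"""Vendor-neutral model of a first-match routed ACL (not Enterasys syntax)."""
from ipaddress import ip_address, ip_network

# Constructed subnets standing in for the three VLANs in the thread.
VLAN_A = ip_network("10.0.1.0/24")
VLAN_B = ip_network("10.0.2.0/24")
VLAN_C = ip_network("10.0.3.0/24")
ANY = ip_network("0.0.0.0/0")

# Rule: (action, protocol, source, destination, destination port).
# None for protocol or port means "match any". First match wins.
ACL_FROM_A = [
    ("permit", "tcp", VLAN_A, VLAN_C, 80),    # A -> C: port 80 only
    ("deny",   None,  VLAN_A, VLAN_C, None),  # everything else A -> C
    ("permit", None,  VLAN_A, ANY,    None),  # A -> B, A's gateway, the rest
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching rule, else implicit deny."""
    src, dst = ip_address(src), ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in acl:
        if r_proto is not None and r_proto != proto:
            continue
        if src not in r_src or dst not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"

def audit(acl):
    """Run the flows the thread cares about through the ACL."""
    host_a = "10.0.1.10"  # constructed host in VLAN A
    flows = {
        "A->C tcp/80": ("tcp", host_a, "10.0.3.20", 80),
        "A->C tcp/22": ("tcp", host_a, "10.0.3.20", 22),
        "A->C icmp": ("icmp", host_a, "10.0.3.20", None),
        "A->B tcp/445": ("tcp", host_a, "10.0.2.20", 445),
        # Matching uses the packet's IP destination, not the next hop, so
        # traffic addressed to the gateway itself is a separate flow.
        "A->gateway icmp": ("icmp", host_a, "10.0.1.1", None),
    }
    return {name: evaluate(acl, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for name, action in audit(ACL_FROM_A).items():
        print(f"{name:16} {action}")
```

Moving the broad permit to the top of the list makes it shadow both VLAN C rules, so rule order is the first thing to check when auditing such an ACL.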
