Might it be easier to control the VLAN access with ACLs instead of policy?

If you do use policy though, I think the C can allow access to a particular 
port for a certain subnet or IP.


-----Original Message-----
From: ralf.l...@heidelberg.de [ralf.l...@heidelberg.de]
Received: Friday, 27 Apr 2012, 5:36am
To: Enterasys Customer Mailing List [enterasys@listserv.unc.edu]
Subject: [enterasys] Routing and Policy on C5

Hi,

We have different VLANs routed on a C5. We now want to separate the VLANs with 
Policy, for example VLAN A has full connectivity to VLAN B, but only Port 80 to 
VLAN C. All devices in VLAN C have full access to the devices in the same VLAN, 
but from VLAN A, only Port 80 is accepted.

Does anyone have an idea how to map this with policy? If I create a role for VLAN A 
that denies all traffic and create a service that allows port 80 with the IP 
address of VLAN C, it does not work (I think because the traffic from VLAN A to 
its default gateway is blocked). If I allow communication with the default 
gateway, I can connect unrestricted to VLAN C. Otherwise, if I create a role 
for VLAN A that permits everything, I have to create many rules for VLAN C, 
so that only port 80 is allowed from VLAN A as source.

I hope this is comprehensible. Does anyone have an idea for this case?

Kind Regards

Ralf Lutz

Stadt Heidelberg
Personal- und Organisationsamt
Abt. Informationsverarbeitung

Marktplatz 10
69117 Heidelberg

Tel. +49 62 21 58 11 14 0
Fax +49 62 21 58 46 11 14 0
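
The ACL approach suggested in the reply, modelled as an added example (not from the thread and not Enterasys CLI syntax): a first-match rule list for routed traffic, checked against the connectivity the original post asks for. The subnets, the reading of "Port 80" as TCP, and all names are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing; the thread gives no subnets.
VLAN_A = ipaddress.ip_network("10.0.1.0/24")
VLAN_B = ipaddress.ip_network("10.0.2.0/24")
VLAN_C = ipaddress.ip_network("10.0.3.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

class Rule(NamedTuple):
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any destination port

# Only the A -> C direction is filtered. Replies from C to A, A <-> B and
# everything else fall through to the final permit. Traffic inside VLAN C is
# switched, not routed, so a routed ACL does not restrict it.
ACL = [
    Rule("permit", VLAN_A, VLAN_C, "tcp", 80),   # port 80 assumed to mean TCP
    Rule("deny", VLAN_A, VLAN_C),
    Rule("permit", ANY, ANY),
]

def evaluate(acl, src, dst, proto, dport):
    """Return the action of the first matching rule (implicit deny at the end)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in acl:
        if (s in r.src and d in r.dst
                and r.proto in (None, proto) and r.dport in (None, dport)):
            return r.action
    return "deny"

# The connectivity described in the original post, as test flows.
REQUIRED = [
    ("10.0.1.10", "10.0.2.5", "udp", 53, "permit"),      # A -> B: full access
    ("10.0.1.10", "10.0.3.20", "tcp", 80, "permit"),     # A -> C: port 80 only
    ("10.0.1.10", "10.0.3.20", "tcp", 22, "deny"),
    ("10.0.1.10", "10.0.3.20", "icmp", None, "deny"),
    ("10.0.3.20", "10.0.1.10", "tcp", 40000, "permit"),  # reply from C web server
]

def unmet(acl):
    """List the required flows for which the ACL gives the wrong action."""
    return [f for f in REQUIRED if evaluate(acl, *f[:4]) != f[4]]

if __name__ == "__main__":
    print("unmet requirements:", unmet(ACL))
```

Running `unmet` on a reordered list, with the broad deny ahead of the port 80 permit, shows the ordering mistake as a failed port 80 flow.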


To unsubscribe from enterasys, send email to lists...@unc.edu with the body: 
unsubscribe enterasys ppri...@qcc.mass.edu
