07-27-2018 11:24 AM
Creating ACL on HPE Switch 5130 but blocking in two ways
Good afternoon, I would like support for some questions about ACL on HPE 5130 Switch.
In my environment, the switch 5130 is the company's core switch. I've created two VLANs, one for the internal network and the other as a sort of DMZ. At the moment, I am trying to create the ACLs so the DMZ does not access the internal network, but the internal network can access the DMZ.
Doubts:
1) When I create an ACL to block, for example, the ICMP protocol from the DMZ to the internal network, it blocks both ways; however, I want to block only one way. Is there any way to do this with this protocol and others like RDP and SMB?
2) While searching, I found that there is an implicit deny that is not visible, but I had to create the explicit rule so that there was a total block at the end. Does this implicit deny really exist?
3) Finally, is there any document that outlines best practices for creating ACLs?
Thank you.
- Tags:
- ACLs
07-29-2018 07:21 PM
Re: Creating ACL on HPE Switch 5130 but blocking in two ways
For 1) you would want to explicitly permit "icmp-type 0" from the DMZ. Maybe some others, like type 3 as well, but definitely not type 8.
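The behaviour from the question and the fix from the reply, modelled as an added example that is not part of the original thread and is not Comware configuration: a stateless, first-match filter on traffic entering from the DMZ VLAN. The subnets, host addresses and function names are assumptions made up for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption, not taken from the thread).
INTERNAL = ip_network("10.0.10.0/24")
DMZ = ip_network("10.0.20.0/24")
ECHO_REPLY, UNREACHABLE, ECHO_REQUEST = 0, 3, 8  # ICMP type numbers

def rule(action, src, dst, icmp_type=None):
    """One ACL rule; icmp_type=None matches every ICMP type."""
    return {"action": action, "src": src, "dst": dst, "icmp_type": icmp_type}

def evaluate(acl, src, dst, icmp_type):
    """Stateless first-match evaluation of a single ICMP packet."""
    for r in acl:
        if (ip_address(src) in r["src"] and ip_address(dst) in r["dst"]
                and r["icmp_type"] in (None, icmp_type)):
            return r["action"]
    return "no-match"  # not reached here: every DMZ->internal packet hits a rule

def ping_works(acl_dmz_in, client, server):
    """A ping succeeds only if the echo request AND the echo reply pass.
    Only packets sourced from the DMZ cross the DMZ-inbound ACL."""
    def passes(src, dst, icmp_type):
        if ip_address(src) in DMZ:
            return evaluate(acl_dmz_in, src, dst, icmp_type) == "permit"
        return True  # internal-sourced traffic is not filtered in this model
    return (passes(client, server, ECHO_REQUEST)
            and passes(server, client, ECHO_REPLY))

# "Block ICMP from the DMZ": also drops replies to internal hosts' pings.
BLANKET = [rule("deny", DMZ, INTERNAL)]

# Reply's suggestion: permit type 0 (and type 3), never type 8, then deny.
TYPED = [rule("permit", DMZ, INTERNAL, ECHO_REPLY),
         rule("permit", DMZ, INTERNAL, UNREACHABLE),
         rule("deny", DMZ, INTERNAL)]

def results():
    pc, srv = "10.0.10.5", "10.0.20.5"  # constructed internal PC and DMZ server
    return {
        "blanket_internal_to_dmz": ping_works(BLANKET, pc, srv),
        "blanket_dmz_to_internal": ping_works(BLANKET, srv, pc),
        "typed_internal_to_dmz": ping_works(TYPED, pc, srv),
        "typed_dmz_to_internal": ping_works(TYPED, srv, pc),
    }

if __name__ == "__main__":
    for name, ok in results().items():
        print(f"{name}: {'works' if ok else 'blocked'}")
```

The blanket rule appears to block "both ways" because the reply to an internal host's ping is itself ICMP sourced from the DMZ; matching on ICMP type lets the reply through while echo requests from the DMZ still hit the deny.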