
Creating ACL on HPE Switch 5130 but blocking in two ways

 
RodrigoABP
Occasional Visitor

Good afternoon, I would like support for some questions about ACL on HPE 5130 Switch.
 
In my environment, the switch 5130 is the company's core switch, I've created two VLANs, one for the internal network and the other as a sort of DMZ. At the moment, I am trying to create the ACLs so the DMZ does not access the internal network, but the internal network can access the DMZ.
 
Doubts:
 
1) When I create an ACL to block, for example, the ICMP protocol from the DMZ to the internal network, it blocks both ways; however, I want to block only one way. Is there any way to do this with this protocol and others like RDP and SMB?
 
2) In my research, I found that there is an implicit deny that is not visible, but I had to create an explicit rule so that there was a total block at the end. Does this implicit deny really exist?
 
3) Finally, is there any document that outlines best practices for creating ACLs?
 
Thank you.

1 REPLY
Vince-Whirlwind
Honored Contributor

Re: Creating ACL on HPE Switch 5130 but blocking in two ways

For 1) you would want to explicitly permit "icmp-type 0" from the DMZ. Maybe some others, like type 3 as well, but definitely not type 8.
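The following Comware 7 configuration is an added example illustrating the reply above; it is not from the original thread or from HPE. The VLAN numbers, subnets and ACL number are assumptions. Because the packet filter is stateless, a rule that denies all ICMP from the DMZ also drops the echo replies that answer internal pings, which is why internal-to-DMZ traffic appears blocked too. Permitting ICMP type 0 (echo-reply) and type 3 (destination unreachable) from the DMZ while still denying type 8 (echo) keeps the one-way restriction working. For 2): on Comware the packet filter permits packets that match no rule by default; only a `packet-filter default deny` in system view (or an explicit final deny rule, as the original poster did) turns that into an implicit deny.

```text
# Assumed addressing (constructed for this example):
#   VLAN 10 = internal network, 10.10.0.0/16
#   VLAN 20 = DMZ,              10.20.0.0/16
# The ACL is applied inbound on the DMZ VLAN interface, so it only
# inspects traffic originating in the DMZ.

system-view
 acl advanced 3000
  # Replies to pings started from the internal side: echo-reply (type 0)
  rule 5 permit icmp source 10.20.0.0 0.0.255.255 destination 10.10.0.0 0.0.255.255 icmp-type echo-reply
  # Path-MTU / unreachable feedback (type 3) is usually worth allowing as well
  rule 10 permit icmp source 10.20.0.0 0.0.255.255 destination 10.10.0.0 0.0.255.255 icmp-type 3 0
  # DMZ hosts must not initiate pings into the internal network: echo (type 8)
  rule 15 deny icmp source 10.20.0.0 0.0.255.255 destination 10.10.0.0 0.0.255.255 icmp-type echo
  # Everything else from the DMZ towards the internal network is dropped
  # (RDP, SMB and any other DMZ-initiated session)
  rule 20 deny ip source 10.20.0.0 0.0.255.255 destination 10.10.0.0 0.0.255.255
  # Traffic from the DMZ to anywhere else (e.g. Internet) is left alone
  rule 100 permit ip
 quit
 interface Vlan-interface 20
  packet-filter 3000 inbound
 quit
```

Note that a stateless filter cannot tell a TCP reply from a new connection, so for RDP or SMB initiated from the internal side the return packets from the DMZ (which arrive inbound on VLAN 20 with a source port of 3389 or 445) would need their own permit rules, or a stateful device between the zones. After applying the rules, `display acl 3000` shows the rule list and match counters; pinging in both directions while watching the counters is the quickest way to confirm only the intended direction is blocked.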