- Re: HP 2920-48g problem with acl assignment
10-09-2015 04:42 AM
Hello,
I've got a problem with an ACL when I want to assign it to a VLAN. When I type the command:
vlan 172 ip access-group vpacl in
It tells me:
Invalid input: in
Can you help me?
Thx
10-11-2015 04:54 PM
Re: HP 2920-48g problem with acl assignment
Should that be
int vlan 172
?
10-12-2015 12:23 AM
Re: HP 2920-48g problem with acl assignment
Same problem with "int"
SWITCH-48-ARES(config)# int vlan 172 ip access-group vpacl in
Invalid input: in
10-12-2015 03:18 PM
Re: HP 2920-48g problem with acl assignment
Is ip routing enabled?
10-13-2015 12:09 AM - edited 10-13-2015 12:11 AM
Re: HP 2920-48g problem with acl assignment
Yes IP-Routing is enabled.
Here is the config of the switch (core for our network) :
Running configuration:
; J9728A Configuration Editor; Created on release #WB.15.13.0005
; Ver #05:08.e3.ff.35.0d:29
hostname "SWITCH-48-ARES"
module 1 type j9728a
trunk 1-2 trk2 lacp
trunk 47-48 trk3 lacp
telnet-server listen data
web-management listen data
ip ssh listen data
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip routing
interface 1
   name "trk2 vers salle serveurs"
   exit
interface 2
   name "trk2 vers salle serveurs"
   exit
interface 47
   name "trk3 vers sw vlan 6"
   exit
interface 48
   name "trk3 vers sw vlan 6"
   exit
snmp-server community "public" unrestricted
snmp-server listen data
oobm
   disable
   ip address dhcp-bootp
   exit
router rip
   redistribute connected
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 3,45-46
   untagged 4-44,A1-A2,B1-B2
   tagged Trk2-Trk3
   ip address 192.168.1.20 255.255.255.0
   exit
vlan 6
   name "lan6"
   untagged 45-46
   tagged Trk2-Trk3
   ip address 192.168.6.1 255.255.255.0
   ip helper-address 192.168.1.2
   exit
vlan 10
   name "Admin"
   untagged 3
   tagged Trk2-Trk3
   ip address 192.168.10.254 255.255.255.0
   exit
vlan 172
   name "vlanvp"
   tagged Trk3
   ip address 172.16.1.254 255.255.255.0
   exit
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
no tftp server
tftp server listen data
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator
VLAN 172 (vlanvp) is for the video protection LAN only; we want only some IPs to access this VLAN, for example: 192.168.6.134
I can't find out how to do this...
10-13-2015 03:18 PM
Re: HP 2920-48g problem with acl assignment
In that case you are applying the acl in the wrong direction anyway.
What you need is to apply that acl as "in" on each of the *other* VLAN interfaces.
I wonder if it won't let you because you don't have any live ports in the VLAN or something?
10-13-2015 05:07 PM - edited 10-13-2015 05:08 PM
Re: HP 2920-48g problem with acl assignment
Hello. On WB.15.13 port and VLAN ingress ACLs are the only ones available to you. Router ACLs, that is ACLs with a direction of "in" or "out" in the VLAN context, are not supported. As forgeddit mentioned you could apply the ACL to each of the other VLANs to filter on ingress. Something like:
ip access-list extended "100"
10 permit ip 192.168.6.134 0.0.0.0 0.0.0.0 255.255.255.255
20 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
vlan 1 ip access-group 100 vlan
vlan 6 ip access-group 100 vlan
vlan 10 ip access-group 100 vlan
Router ACLs were added to 2920 in WB.15.18 if upgrading the software is an option. You could take the same ACL and apply it to your egress VLAN 172:
vlan 172 ip access-group 100 out
01-20-2016 06:18 AM
Re: HP 2920-48g problem with acl assignment
Hello,
I've updated my switches, they are in version WB.15.18.0007, ROM WB.15.05
For ACL now I just have "vlan-in" configuration :
ex :
SWITCH-48-ARES(vlan-172)# ip access-group 100
vlan-in Apply the IPv4 ACL for bridged and routed inbound
packets on this VLAN.
SWITCH-48-ARES(vlan-172)# ip access-group 100
I don't have "in" or "out" options.
I still want only some IPs accessing VLAN 172; 192.168.6.134 is one of them.
I'm lost now, I still cannot use ACL with my 2920-48G.
01-20-2016 06:59 AM - edited 01-20-2016 07:08 AM
Solution
OK, I've finally found how to make it work:
I've created an extended ACL for filtering VLAN in:
ip access-list extended vp
10 permit ip 172.16.1.0/24 192.168.6.0/24
wr mem
exit
vlan 172
ip access-group vp vlan-in
wr mem
exit
This one permits all hosts in 192.168.6.0 to access 172.16.1.0 and denies all others.
If I want to accept only one host IP (192.168.6.134), I can do that too with the "magical" host option! Then:
ip access-list extended vp
10 permit ip 172.16.1.0/24 host 192.168.6.134
wr mem
exit
If I want another IP to access VLAN 172, I can add a line to access-list vp:
20 permit ip 172.16.1.0/24 host 192.168.6.189
Last thing: I can also accept only one host IP to one host IP in VLAN 172, like 172.16.1.1; I just have to add "host" before it:
20 permit ip host 172.16.1.1 host 192.168.6.189
So with last firmware I can do whatever I want, that's cool !
Thanks
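Added example (not part of the original posts, and not HPE code): a small Python model of first-match ACL evaluation with the implicit deny, fed the ACE lines quoted in this thread, to check what an ingress (`vlan` / `vlan-in`) ACL passes before it is applied to a live VLAN. It covers both ACL 100 from the earlier reply and the `vp` ACL from the solution; the sample packet addresses are constructed, and the model assumes the ACL is checked against every IPv4 packet entering on the VLAN it is applied to, bridged or routed, as the `vlan-in` help text above states.

```python
import ipaddress

def parse_net(tokens):
    """Consume one address spec: 'host A', 'A/len' or 'A <wildcard mask>'."""
    first = tokens.pop(0)
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if "/" in first:
        return ipaddress.ip_network(first, strict=False)
    # Wildcard (inverse) mask: flip the bits to get the netmask.
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    netmask = ipaddress.ip_address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{netmask}", strict=False)

def parse_ace(line):
    """Parse '<seq> <permit|deny> ip <src> <dst>' into (action, src, dst)."""
    tokens = line.split()
    _seq, action, proto = tokens.pop(0), tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    return action, parse_net(tokens), parse_net(tokens)

def evaluate(acl_lines, src, dst):
    """First matching ACE decides; a packet matching no ACE is denied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in map(parse_ace, acl_lines):
        if src in src_net and dst in dst_net:
            return action
    return "deny"  # implicit deny at the end of every ACL

# ACE lines as quoted in the thread.
ACL_100 = ["10 permit ip 192.168.6.134 0.0.0.0 0.0.0.0 255.255.255.255",
           "20 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255"]
VP_ACL = ["10 permit ip 172.16.1.0/24 host 192.168.6.134",
          "20 permit ip 172.16.1.0/24 host 192.168.6.189"]

# Constructed sample packets: (ACL on the ingress VLAN, source, destination).
SAMPLES = [
    (VP_ACL, "172.16.1.1", "192.168.6.134"),   # reply to an allowed host
    (VP_ACL, "172.16.1.1", "192.168.1.2"),     # reply to any other host
    (VP_ACL, "172.16.1.1", "172.16.1.2"),      # bridged, inside VLAN 172
    (ACL_100, "192.168.6.134", "172.16.1.1"),  # allowed host, from VLAN 6
    (ACL_100, "192.168.6.50", "192.168.1.2"),  # VLAN 6 traffic not for VLAN 172
]

if __name__ == "__main__":
    for acl, src, dst in SAMPLES:
        print(f"{src:>15} -> {dst:<15} {evaluate(acl, src, dst)}")
```

Under this model the `vp` ACL also denies packets between two 172.16.1.0/24 hosts that enter the switch on VLAN 172, and ACL 100 as written denies all other traffic from VLANs 1, 6 and 10, so both need extra permit entries if that traffic is wanted.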
05-18-2017 07:27 AM
Re: HP 2920-48g problem with acl assignment
I was just curious if anyone knows if the same commands are supported on the 2910al-48G-PoE Switch. I am running into the same sort of issues, however, haven't updated the firmware to the latest version yet.