12-04-2015 06:59 AM - edited 12-04-2015 07:02 AM
Help with ACL's on HP 2920
Hi all,
I'm fairly new to networking, and I would appreciate any help with configuring ACLs on an HP 2920.
I have several VLANs, and I want to block communication between some of them, and do some other configurations. In the end, this is what I want to accomplish:
- Allow all traffic from vlan20 to vlan10
- Allow all traffic from vlan30 to vlan10
- Allow traffic on tcp port 8880 from vlan40 to vlan10
- Deny all traffic from vlan50 to vlan10
- Allow all traffic from vlan99 to vlan10
So, I think this is what I need to configure:
ip access-list extended "VLAN10-In"
permit ip 192.168.20.0/24 192.168.10.0/24
permit ip 192.168.30.0/24 192.168.10.0/24
permit tcp 192.168.40.0/24 192.168.10.0/24 eq 8880
deny ip 192.168.50.0/23 192.168.10.0/24
permit ip 192.168.99.0/24 192.168.10.0/24
(VLAN50 is a /23 network, it's not a typo).
And then, I assume that I have to apply this configuration to the VLAN10 itself, am I right?
Regards
12-12-2015 07:48 AM
Re: Help with ACL's on HP 2920
Hello. 2920 supports ingress port and VLAN ACLs. If your intention is to only allow hosts on VLAN 20, 30, 40 (TCP 8080 only), and 99 to send traffic to VLAN 10 then that ACL will work, but bear in mind those hosts will only be allowed to send traffic with an IP destination of 192.168.10.0/24. All other IP traffic, DHCP discover packets for example, will be dropped. And all VLAN 50 traffic will be dropped.
Also remember there is an implicit "deny ip any any" at the end of the ACL so anything not explicitly permitted will be dropped.
Once you determine what traffic you want to permit you would then apply it on the ingress port (interface x ip access-group y) or VLAN (vlan x ip access-group y).
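The first-match behaviour and the implicit deny described in the reply can be checked offline before the ACL goes on the switch. The following is an added example, not part of either post and not switch code: a small Python model that evaluates the ACL entries from the question in order. It assumes matching on protocol, source, destination and destination port only, and the sample packets are constructed.

```python
import ipaddress

# ACL entries copied from the question:
# (action, protocol, source, destination, destination port or None)
ACL = [
    ("permit", "ip",  "192.168.20.0/24", "192.168.10.0/24", None),
    ("permit", "ip",  "192.168.30.0/24", "192.168.10.0/24", None),
    ("permit", "tcp", "192.168.40.0/24", "192.168.10.0/24", 8880),
    ("deny",   "ip",  "192.168.50.0/23", "192.168.10.0/24", None),
    ("permit", "ip",  "192.168.99.0/24", "192.168.10.0/24", None),
]

def evaluate(proto, src, dst, dport=None):
    """Return (action, index of the matching entry, or None for the implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, ace_proto, ace_src, ace_dst, ace_port) in enumerate(ACL):
        if ace_proto != "ip" and ace_proto != proto:
            continue  # "ip" matches any IP protocol
        if s not in ipaddress.ip_network(ace_src):
            continue
        if d not in ipaddress.ip_network(ace_dst):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action, i  # first matching entry decides
    return "deny", None  # implicit "deny ip any any" at the end of the ACL

# Constructed sample packets: (protocol, source, destination, destination port)
SAMPLES = [
    ("tcp", "192.168.20.15", "192.168.10.5", 445),   # VLAN 20 to VLAN 10
    ("tcp", "192.168.40.7", "192.168.10.5", 8880),   # VLAN 40, permitted port
    ("tcp", "192.168.40.7", "192.168.10.5", 8080),   # VLAN 40, any other port
    ("udp", "192.168.51.9", "192.168.10.5", 53),     # upper half of the /23
    ("udp", "0.0.0.0", "255.255.255.255", 67),       # DHCP discover
    ("tcp", "192.168.20.15", "192.168.30.8", 22),    # destination outside VLAN 10
]

def report():
    """Evaluate every sample and describe which entry decided it."""
    rows = []
    for pkt in SAMPLES:
        action, idx = evaluate(*pkt)
        rows.append((pkt, action, "implicit deny" if idx is None else f"entry {idx + 1}"))
    return rows

if __name__ == "__main__":
    for pkt, action, why in report():
        print(f"{pkt!s:55} {action:6} ({why})")
```

The last two samples show the point made in the reply: a DHCP discover and traffic to any destination other than 192.168.10.0/24 match no entry and fall through to the implicit deny.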